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ABSTRACT 

An understanding of the mathematical properties of Petri Nets is 
essential when one wishes to use Petri Nets as an abstract model for 
concurrent systems. The decidability of various problems which arise 
in this context is an important aspect of this question. The fact that 
these problems also arise in the context of other mathematical theories, 
such as commutative semigroups, closure under linear relations. 
Matrix Context-Free grammars, or Weak Coimter Automata, provides 
further motivation. 

The Reachability Problem for Vector Addition System.s - whose 
decidability is still an open question - is of central importance. We 
show that a number of Petri Net problems are recursively equivalent to 
this problem. These include the Liveness Problem (e, g. can a given 
system reach a deadlocked state?), the single-place reachability problem 
(can a given buffer ever be emptied? ), the persistence problem (can a 
given transition ever be disabled by the firing of another transition? ), 
and the membership and emptiness problems for certain classes of 
languages generated by Petri Nets. 

The power of the unrestricted Petri Net model is illustrated by 
various undecidable equivalence results. In particular, we show that the 
equality of Reachability Sets and the equivalence of two Petri Nets in 
terms of their language- generating capability are recursively undecidable. 

It is hoped that the constructions used to prove our results will shed 
some light on the source of the complexities of the unrestricted Petri Net 
model, and may eventually permit us to achieve an optimal balance 
between representational transparency and analytical power of the Petri 
Net model. 
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CHAPTER 1 
INTRODUCTION 

1. 1 Petri Nets and Concurrent Systems 

Petri Nets are best known as a graphical tool for the representation 
and analysis of concurrent or parallel systems. They originated from 
the work of C. A. Petri [54] in Germany in 1962. They were introduced 
to the U.S.A. by A. W. Holt in 1966. The notation most commonly 
used is also due to Holt [27]. In 1970 the interpretation of Petri Nets 
was generalized to permit unboundedness, such as occurs in a priori 
unbounded buffers (Holt and Commoner [28]). Further generalizations - 
to what we call "Generalized Petri Nets" - were proposed around 1972 by 
several people, including Commoner [ 8 ], Keller [34] and the author. 
We have shown in [1 8, 20] that these Generalized Petri Nets can them- 
selves be suitably modelled by "ordinary" Petri Nets (1970 definition), so 
that the generalization essentially only buys modelling convenience, not 
more modelling power. 

A Petri Net describes a concurrent system by expressing the relation- 
ship between elementary actions performed by the system and the 
resulting local change in the state of the system. In contrast to 
traditional automata theory, the state of a concurrent system is a 
structured entity, and "local change" means change to a specific 
structural component of the state of the system. Such local state 
changes can occur concurrently - that is to say, in a temporally independ- 
ent fashion, where the concept of simultaneousness may be ill-defined - 
and thus the concept of "total system state" may also be ill-defined, 
except as an abstraction (imagine counting a moving crowd! ). But this is 
a philosophical issue which need not concern us here. 
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If we want to use Petri Nets as a model for concurrent systems, we 
must provide analytical tools to answer the kind of questions we would 
like to ask about the concurrent systems. This implies a knowledge of 
the mathematical properties of Petri Nets. 

To date, the mathematical properties are well known only for 
certain restricted classes of Petri Nets. In their full generality, there 
are still many unsolved problems. Even for bounded systems (where 
the number of possible configurations is finite) - which in theory can be 
grossly described by Finite State Automata - the problems are 
untractable, because the notion of total system state simply does not 
reflect the structure of the system, aside from any consideration of size. 
We shall investigate the decidability of some important questions about 
the mathematical properties of Petri Nets. Specifically, we shall study 
whether there exist algorithms for testing whether a given Petri Net has 
a given property or not. For some properties, we can directly exhibit 
an algorithm for testing for them, but our main technique consists in 
proving the recursive reducibility of one problem to another: We show 
how to effectively construct an algorithm for one problem if we are given 
an algorithm (or an "oracle") for the other. 

We believe that the techniques and constructions used in our proofs 
can also be very useful as general analytical tools for studying Petri 
Nets, because the reducibility proofs illustrate fundamental relationships 
between the various mathematical properties of Petri Nets. This is 
true even in the case of bounded systems, where decidability is a moot 
question, because the parallelism inherent in Petri Nets permits the 
representation of exceedingly complex finite- state systems by compara- 
tively small Petri Nets. In fact, the complexity of bounded Petri Net 
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constructions can be just about as bad as for unbounded constructions. 

It therefore appears that resolving the open decidability questions is 
not an end in itself, but a means for providing understanding and 
analytical tools for further questions of greater importance to the 
modelling of concurrent systems: 

- Which restrictions are to be imposed on the general case to keep 
the complexity within bounds, and yet be able to model as 
extensive a class of systems as possible? 

- Given suitable restrictions, which structural properties are 
important to an analysis of behavioural features of the system? 

- What analytical procedures are to be used to relate such 
behavioural features to the identified structural features ? 

But there are also direct reasons for studying these decidability 
questions. The motivation does not come from concurrent system 
modelling, but rather from Automata Theory, Formal Language Theory, 
and Discrete Mathematics. Several open decision problems in these 
areas are related to the decision problems for Petri Nets. Also, Petri 
Nets can be formulated as a mathematical theory so simple that every 
undecidability result is surprising, and may shed some light on the 
minimal requirements to produce undecidability. 

1.2 The Computer Science Motivation 

Since 1963 (Estrin and Turn [13], Karp and Miller [33]), various 
formal systems have been developed for the purpose of modelling 
Concurrent Systems or Parallel Programs. The objective has been 
to provide models capable of answering questions peculiar to the notion 
of concurrency, such as non-determinacy, deadlocks, competition for 
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resources, critical and noncritical races, etc. These behavioural 
questions can often be related to structural questions about the 
concurrent system, such as decomposition into interacting components, 
the existence of critical substructures, global and local structural 
constraints, and the like. 

The ease with which this modelling task can be accomplished depends 
heavily on two factors: Model transparency and analytical power. 
The first factor is the ability to relate structural features of the model 
to corresponding structural features of the concurrent system 
represented by the model. The second factor is the ability to use the 
model for answering questions about the concurrent system. It depends 
not only on the model itself, but also on the mathematical tools that are 
available to extract the desired information from th^ model. 

When modelling parallel programs, a distinction is usually made 
between data flow and control flow. Program Schemata treat this discip- 
line as a whole, and are used to answer questions about determinacy. 
functional equivalence, data access conflict, and the like. We wish to 
abstract further, and consider only the control aspect of parallel 
programs, i. e. the set of possible execution sequences without regard to 
the functional composition involved. For example, the control aspect 
of Karp and Miller's Parallel Program Schemata f 33] and of Slutz- Flow 
Graph Schemata [60] is analyzed by these authors using Vector Addition 
Systems. 

We have shown [1 8. 20] how Petri Nets and Vector Addition Systems 
can fully represent each other, and thus all questions concerning one 
system can be answered by studying the other. 

Among parallel programming language constructs are Dijkstra's 
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Semaphore operations [12] and communication primitives such as fork 
and join. We shall only be concerned with the Semaphores and the 
position of the control loci in the various parallel processes; in a sense, 
we disregard all statements except P. V. _goto (or while, with an 
undeterminate predicate), create and ^uit. Semaphore systems can be 
represented by Petri Nets (R. C. Holt. 1970 [29]; Patil. 1971 [51]); 
other references on the use of Petri Nets to represent parallel program 
control are [37. 38. 58. 59]. Here, the main problem of interest is the 
prevention of deadlock, a subject which has been extensively studied by 
R. C. Holt [29]. This corresponds to the Liveness Problem for Petri 
Nets, which is one of the open decision problems we study in this thesis. 

Another field where Petri Nets have been useful is that of Asynchronous 
Control Structures (Dennis [ll]). Some formalisms correspond to restric- 
ted classes of Petri Nets (Patil. 1969 [481 Bruno and Altman, 1971 [5]; 
Jump and Thiagarajan. 1972 [31, 32]); some are slight variations (Patil, 
1970 [49]; Noe and Nutt, 1972 [45]; Grandoni and Zerbetto, 1973 [l5]);and 
others are quite general, such as Keller's Transition Systems and Vector 
Replacement Systems [34]. An extensive bibliography is given by 
Miller [42]. who has also studied the relationship between some of these 
formaUsms [43]. The interconnection of Asynchronous Modules by 
buffers has been studied by Patil [50]; such interconnections already 
generate structures with the complexity of Petri Nets in their most 
general sense. Problems of deadlocks are also important here; in 
addition, we would like to determine if a particular control state can be 
reached from some initial state. This is the Reachability Problem . 
This problem turns out to be the central decision problem, and it is not 
known whether it is decidable or not. Indeed, we do not know, in 
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general, whether the set of control states reachable from some initial 
configuration of the system is recursive or not. 

To the extent that Petri Nets can represent the various formalisms 
presented so far. the decision problems for Liveness and Reachability 
are of concern to the computer scientist. But his main motivation in 
studying these problems is the insight this study may give into the 
structural and mathematical properties of his formalisms, as mentioned 
in the previous section. 

1.3 The Mathematical Motivation 

Vector Addition Systems - and therefore Petri Nets - turn up in 
several areas of automata theory and formal language theory. Minsky 
defined Program Machines (also known as Register Machines or Counter 
Automata) [43]. which consist of a series of counters and a finite control 
which can increment or decrement individual counters and test individual 
counters for zero. If we have non- deterministic control and drop the 
zero-testing capability, we get a class of automata equivalent to Vector 
Addition Systems, which we call Weak Counter Automata (24]. (Baker [4 ] 
calls them Restricted Nondeterministic Counter Automata. ) They are 
intimately related to the notion of weak computability as defined by Rabin 
[ 4 . 56]. Whereas Minsky's Counter Automata can compute any partial 
recursive function (the arguments are the initial values in a set of input 
counters; the result is the contents of an output counter when the 
automaton halts). Restricted Nondeterministic Counter Automata can 
weakly compute a large class of arbitrarily fast growing monotonic 
primitive recursive functions - in particular, polynomials with non- 
negative integer coefficients (the output in a weak computation is the 
upper bound on the contents of the output counter over all possible (non- 
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deterministic) computations starting on a given input). This fact has 
enabled Rabin to prbve the first known undecidability result about Vector 
Addition Systems. Following Rabin, we shall present the notion of 
weak computation by Petri Nets (Chapter 6). which we use to prove 
Rabin's result (Chapter 7) as well as some of our own undecidability 
results (Chapter 10). 

The similarity between Petri Nets and Counter Automata can also 
be used to show how simple modifications to the firing rule, such as 
"zero-testing" arcs or "priority" firing rules, can dramatically increase 
the power of Petri Nets to equal the power of Turing Machines 
(Agerwala [2 ], Hack [24]). Many results in complexity theory about 
Vector Addition Systems and Petri Nets are also based on this relation- 
ship (Cardoza [q ]. Lipton [39]). 

Van Leeuwen [ 63] has also studied the Reachability Problem for 
Vector Addition Systems, and points out that it is related to the recursive- 
ness problem for Matrix Context-Free Languages, which differ from 
ordinary Context-Free Languages by the fact that the rules of the 
grammar are grouped in "Matrices", and all rules in one matrix must be 
applied in sequence, or else the matrix cannot be applied at all; the 
empty string is also allowed as a replacement for a nonterminal (other- 
wise the language would be trivially recursive). Also see Abraham [ l ], 
Crespi-Reghizzi and Mandrioli [ 9 ], Van Leeuwen [62] . This is one 
example where decidability itself is an issue: Any proof of the decida- 
bility or undecidability of the Reachability Problem for Petri Nets will 
also settle the emptiness and recursiveness problems for Matrix Context- 
Free Languages and, conversely, further research in that area may 
settle the Reachability Problem as well as the various Petri Net problems 
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that will be shown to be recursively equivalent to it. 

There are in fact several ways in which Petri Nets are related to 
Formal Language Theory. As pointed out by Keller [ 34] and Crespi- 
Reghizzi [ 9 ], a Vector Addition System (in fact, a slight generalization 
thereof, due to Keller) can be considered as a commutative Semi-Thue 
system, and vice versa. A path in the Vector Addition System, or a 
control sequence in a concurrent system modelled by a Petri Net, 
corresponds in the Semi-Thue system to a derivation generating the 
vector or control state reached by that path or sequence. 

A different approach has been taken by Baker [3 ], Peterson [52] and 
this author [24], Instead of looking at the Petri Net as a grammar, let 
us look at it as a language-generating device. Each event occurrence - 
in addition to changing the control state of the system - also generates 
a symbol from some alphabet. We shall study the decision problems 
associated with these "Petri Net Languages" in Chapters 8, 9 and 10. 

Another mathematical system equivalent to Petri Nets is the study of 
sets of integers closed under sets of linear relations of the form 
^a, b " f ^' y> I ax = by] for integers a, b, x, y. Thus, the Reachability 
Problem is decidable iff , for any finite set of pairs of integers <a., b.>, 
the closure of the set {2} under the linear relations R . » as defined 

CL.. Da 

1 1 

above, is effectively a recursive set. (Hack, 1973 [19]) 

Vector Addition Systems themselves can be formulated in the language 

of the mathematician. Let A be a commutative (additive) semigroup. 

2 
A relation R c A is said to be compatible iff v a € A; <x, y> 6 R =» 

<x+ a, y+ a> € R. The object is to study subsets of A closed under 



* — — 

"iff is a common abbreviation for "if and only if. 
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compatible relations. If A is finitely generated and finitely presented, 
and R has a finite number of minimal elements, we get Vector Addition 
Systems (Hack, 1974 [22]). Keller [34] and Van Leeuwen [63] have 
also pointed out that a restricted form of the Reachability Problem is 
related to the word problem for finitely generated and finitely presented 
commutative semigroups, and Cardoza [ 6 ] has studied this problem in 
terms of its computational complexity. 

These examples show the possible impact of a solution of the decida- 
bility problems for Petri Nets. In contrast to the computer scientist, 
the mathematician may benefit from this result directly, and may be 
uninterested in the relationship to the behaviour of some underlying 
concurrent system. 

We do in fact take this point of view in some of our proofs, where we 
use transformations which do not significantly change the set of reach- 
able control states of some modelled concurrent system, but which 
behaviour ally correspond to a total elimination of concurrency. 

On the other hand, existing mathematical results in, say, the theory 
of commutative semigroups, may be helpful in some of our future proofs 
(for example, the first order theory of a given finitely generated commuta- 
tive semigroup has been shown to be decidable by Taiclin [61]). 

1.4 Object of this Thesis 

In this section we shall briefly describe Petri Nets in the form in 
which they are used most frequently. But, before proceeding, we would 
like to state our bias in the approach to Petri Nets presented in this 
thesis. 

Different people may have widely different views as to what 
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constitutes a Petri Net. To Carl Adam Petri, the Nets that we - and 
the computer scientists and mathematicians mentioned so far - use are 
only a very restricted interpretation of a much more primitive and 
general concept ultimately rooted in topology [55]. a concept which at its 
coarsest level expresses the duality between actor and action, and at the 
finest level projects this duality into a geometry of the universe not 
unlike Minkowski's world lines and the conceptual pair force vs motion. 
Our intentions are much less ambitious. We may use the semantic 
interpretation of concurrent systems modelling to motivate the various 
problems we wish to study, but in effect we wish to regard a Petri Net 
as a mathematical object, which can be defined and represented in a 
number of ways, depending on which properties of the model we wish to 
study. Thus, our vocabulary will be mainly that of sets and relations, 
although we also freely use the mental image of the Petri Net as a 
dynamic object, where things happen (occur), as in a concurrent system 
for example. This is actually the same attitude as that of a 
mathematician studying automata theory. 

A Petri Net, as defined by Holt in 1970 [28], is a directed bipartite 
graph whose two vertex types are places, drawn as circles, and 
transitions, drawn as bars. This graph represents the structure of a 
concurrent system to be modelled: Certain collections of places may 
correspond to specific components in the system. The transitions then 
correspond to certain actions in the system which involve those 
components that contribute the places to which a transition is attached. 

The state of a system component is described by a distribution of 
markers, or tokens, in the places corresponding to that system 
component; the occurrence of some action, which changes the state of 
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certain components, is modelled by the firing of a transition. This is 
done as follows: 

A marking for a Petri Net is a function which assigns a non-negative 
integer to each place in the net; it can also be visualized as a vector of 
non-negative integers, each dimension corresponding to a specific place 
in the net. The marking expresses the distribution of markers over the 
places in the net at a given time: it indicates the number of tokens 
(possibly zero) on each place (drawn as dots inside the circle). 

A transition is said to be firable iff every place which (in the directed 
bipartite graph) is connected to that transition by an arc pointing to the 
transition (input place of the transition) contains at least one mat-ker. 
This expresses the system situation where the local configuration is such 
that all resources or enabling conditions for the action represented by 
the transition are available. A firable transition may fire; this changes 
the marking by removing one marker from each input place, and adding 
one marker to each output place (i. e. places connected to the transition 
by an arc pointing to the place). This models the occurrence of the 
enabled action in the system, and expresses the corresponding local 
change of configuration. In the case of a Petri Net used to recognize or 
generate a Petri Net Language, this transition firing can also be thought 
of as reading the corresponding symbol from an input tape, or printing 
the symbol on an output tape. 

All our results will in fact be proved for the class of Generalized 
Petri Nets, which differ from the Ordinary Petri Nets described above 
only in the fact that the underlying graph is a directed bipartite multi- 
graph, i. e. there may be a bundle of one or more arcs from a given 
place to a given transition, or from a transition to a place. The firing 
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rule is such that each arc carries one token, so that a transition requires 
a token for each input arc to be enabled, and may remove or deposit 
several tokens in one place when it fires. 

A simulation of the model then consists of a sequence of transition 
firings leading from a given initial marking to some reachable marking. 
The reachability set (also called marking class ) is precisely the set of all 
markings that can be obtained after some firing sequence from a given 
initial marking. 

The Reachability Problem (RP) is the problem of deciding whether a 
given marking is reachable (is in the reachability set) in a given Petri 
Net with a given initial marking. That is to say, in the concurrent 
system modelled by the Petri Net, we would like to know whether a 
particular configuration of the system can ever occur during operation. 

The Reachability Problem refers to the total system state. Often a 
more meaningful question is whether a certain part of the system can 
ever be brought into a given local configuration by a sequence of actions 
starting from the initial configuration. In the Petri Net we ask whether 
any marking whose restriction to a given subset of the places is given 
can be reached from the initial marking. This is the Submarking 
Reachability Problem (SRP). 

A special case of the RP is the Zero Reachability Problem, or ZRP, 
which asks whether all tokens can be removed from the net by some 
firing sequence. A special case of the SRP is the Single-Place Zero 
Reachability Problem , or SPZRP: does there exist a reachable marking 
in which a given place contains no tokens? Surprisingly, this very 
particular form of the Reachability Problem is recursively equivalent to 
the full Reachability Problem. When modelling a concurrent system. 
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this is the question of whether a given buffer can ever be emptied, or 
whether a given semaphore will ever reach zero and thus cause some 
process to become dormant on a P operation on that semaphore. 

These Reachability Problems are studied in Chapter 4. 

It can also happen that a system reaches a state after which two 
actions must wait for each other, creating a partial deadlock that cannot 
be resolved by any sequence of the remaining actions. Alternatively, 
some non-renewable resource may run out, also disabling a certain 
portion of the system. This situation is expressed in the Petri Net by a 
set of non-live transitions ; A transition t is non-live iff a marking can 
be reached from which no firing sequence ever firing t is possible. A 
live transition thus has the property that, no matter what firing sequence 
has occurred so far, the transition can always eventually be fired again. 
A Petri Net is said to be live iff every transition is live. 

The Liveness Problem (LP) is the problem of deciding, given a Petri 
Net and an initial marking, whether the net is live. The Subset Liveness 
Problem (SLP) asks whether a given transition (or set of transitions) is 
live. 

Another important notion is that of persistence . A transition is said 
to be persistent iff the only way it can become disabled is by firing; no 
other transition firing may disable it. This corresponds to the notion 
of an irreversible commitment to perform a certain operation - once the 
decision is made to execute, nothing can remove the conditions which 
permit the planned operation but its own execution. The persistence 
problem (PP) is the question of whether a Net is persistent, i. e. whether 
all transitions are persistent. It is of course reducible to the SPP, 
which is the same question for a subset of transitions, or a single 
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transition. 

We shall show (in Chapter 5) that all problems mentioned so far are 
recursively equivalent to each other, except for PP which is only known 
to be reducible to the others, via SPP. This may be because persistent 
Petri Nets have special properties - in particular the LP, when 
restricted to persistent Petri Nets, is decidable. It is not known yet 
whether PP itself is decidable or not, but we have some partial results 
which lead us to believe that PP is decidable, and that RP is decidable 
for persistent nets. 

In fact, in Chapter 11 we shall present some circumstantial evidence 
to support our stronger conjecture that RP, and with it all problems 
mentioned above, are decidable. 

Only one undecidability result was known for Petri Nets: Rabin's result 
on the undecidability of the Inclusion Problem for Reachability Sets. We 
shall add to this the undecidability of the Equality Problem for Reachability 
Sets (Chapter 7) and of the Equivalence Problems for various Petri Net 
Language families (Chapter 10). 

We shall also consider the emptiness and membership problems for 
Petri Net Languages; these problems turn out to be either decidable or 
equivalent to RP (Chapter 9). 

1 . 5 Previous Work <, 

Practically all previous work done on the decision problems we are 
interested in has been done for Vector Addition Systems. 

Vector Addition Systems were developed by Karp and Miller in 1966 
to establish decidability results about their Parallel Program Schemata. 
In particular, they proved the decidability of boundedness and cover- 
ability for Vector Addition Systems [33]. (An improved version of this 
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proof, adapted to our purposes, will be presented in Chapter 3. ) At the 
same time, M. Rabin studied the relationship between Reachability Sets 
and Semilinear Sets (Parikh. [46]). He concluded that there are non- 
Semilinear Reachability Sets, and proved that the Inclusion Problem for 
Reachability Sets (Is the Reachability Set of one VAS a subset of that of 
another VAS? ) is recursively unsolvable. This proof was simplified in 
1972 in response to Matijas'evic's proof of the undecidability of Hilbert's 
10th Problem [26,40]; an account of this can be found in Baker [4 ] and 
Hack [20]. We include an improved version of this proof in this thesis, 
because our own undecidability proofs use the same central idea of 
"weakly" computing polynomials (Chapters 6 and 7). 

R. Keller discussed various decision problems for his Vector Replace- 
ment Systems [34], and considered cenain restrictions under which the 
Reachability Problem would be decidable. He studied the Liveness 
Problem and showed, in particular, that the related problems of infinite 
firability and potential firability are decidable, and that Liveness is 
decidable for persistent nets. He also conjectured that the Liveness 
Problem was reducible to the Reachability Problem; we shall prove this 
conjecture (and its converse) in Chapter 5. 

J. Van Leeuwen, using geometrical arguments, also proved certain 
decidable subcases of the Reachability Problem [63] by establishing the 
semilinearity of certain projections of Reachability Sets; he proved that 
all 3 -dimensional Vector Addition Systems have Semilinear Reachability 
Sets. 

B. O. Nash published the reducibility of the Reachability Problem to 
the reachability-of-zero and the reachable-from-zero problems [44]; we 
discovered a slightly stronger result (presented in Chapter 4) independently 
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at about the same time [20], 

J. L. Peterson [52] studied one of the families of Petri Net Languages 
we consider in this thesis. Our own work on Petri Net Languages is 
reported in [24], and some new results can be found in [25]. In this 
thesis we dwell only on the decidability questions raised by Petri Nets as 
language generators (Chapters 9 and 10). and on the definitions and 
properties required for this purpose (Chapter 8). 

The relationship between Petri Nets and other formalisms has been 
studied by many people, including Keller [34], Peterson [52], Peterson and 
Bredt [53] , Miller [42.43], Lipton [38], etc. 

Finally, let us mention some recent results about the complexity of 
various decision problems. Most problems are very difficult to decide. 
In fact, Lipton [39] has shown that both Reachability and Boundednesstake 
at least Exponential Space to decide. The least known upper bound on the 
complexity of the Boundedness Problem is Ackermann's Function. The 
complexity of some Petri Net decision problems is studied in a paper by 
Jones and Lien [301 

(Added in May 1976:) 

The first non-contrived problem whose complexity is non-primitive 
recursive arises from Petri Nets: Given two bounded Petri Nets, do thev 
have equal reachability sets? It is reported in cardoza. Lipton and Meyer: 
Exponential-Space Complete Problems for Petri Nets and Commutative Semi- 
groups .Proceedings of the 8th Annual ACM Syn^osium on the Theory of Com- 
puting, Hershey, Pa., May 1976. jr « v,om 

«n ^;/™^ f?' °5 ^°""'^°> has also been able to improve the upper bound 
?L hon^n ^""^ ^ °l'^^ Potential Liveness Problem, which is related to 
the boundedness problem, to space nl , down from Ackermann's function. 
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CHAPTER 2 
BASIC DEFINITIONS AND PROPERTIES 

2. 1 Generalized Petri Nets 
Definition 2.1 ; 

A Generalized Petri Net (GPN) N = <n, E. F, B. Mq> consists of the 
following: 

1. a finite set of places, 11 = {p., ..., p } 

2. a finite set of transitions, L= {t., .... t„3 disjoint from 11 

3. a forwards incidence function, F: 11 x E -» IN (IN is the set of 
non-negative integers) 

4. a backwards incidence function , B: 11 x E -♦ IN 

5. an initial marking, M^: 11 -♦ IN 



A GPN Is represented graphically as follows: 

1. places are represented by circles 

2. transitions are represented by bars 

3. circles and bars are connected by bundles of arcs : if £ is a place 
and t^ is a transition, and F(p. t) = 3, we have a bundle of 3 arcs 
going from p to t; 3 is the size of the arc bundle. 

4. a marking is represented by drawing a number of tokens into a 
place, or writing the number. 

The graphical representation of a GPN is thus a directed bipartite multi- 
g^^P^ wi^ a marking. When we draw a bundle of arcs we expect each 
fibre to carry along one token when a transition fires. The firability of 
a transition is thus defined as follows: 
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Definition 2.2 ; 

(a) A transition t is said to be firable iff for every place p € 11 
we have M(p) ^ F(p, t). Since this is always true when 
F(p, t) = we need to inspect only the input places of 
transition t, i.e. those for which F(p,t) > 0. 

(b) If a firable transition fires, it changes the marking by 
removing F(p, t) tokens if p is an input place and by adding 
B(p, t) tokens if p is an output place (B(p, t) > 0). The new 
marking M' is now such that: 

Vp: M'(p) = M(p) - F(p,t) + B(p.t) 



Usually, the sets of places and transitions are indexed, i. e. 
n = {p. I 1 s i s r} and L = {t. 1 1 s j ^ s}. In this case, it is useful to 
represent markings as vectors in DST^, where the i^*^ coordinate of vector 
M is the number M(pj). In this context, we associate with every 

transition t. its input vector F(t.) and its output vector B(t.), where the 

th *' 

i coordinate of F(t.) and B(t.) is F(p..t.) and B(p..t.), respectively. 

J J •*" J ^ J 

Now we can interpret the firing of transition t as a relation 
M[t>M' which says "transition t is firable at marking M and the firing 
leads to marking M'", such that: 

M[t>M' « M 2: F(t) & M' = M - F(t) + B(t) 

A firing sequence can now be defined as a sequence of transition 
names (or a string a in S ), such that each prefix leads to a marking at 
which the following transition is firable. Thus, Figure 2. 2 shows the 
result of firing t^ in the Generalized Petri Net of Figure 2. 1. Since t-. 
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is firable at that new marking, tgtg is a firing sequence. Note that t^t„ 
is not a firing sequence, since tg is not firable at the initial marking. 

The dynamic aspects of the Generalized Petri Net N can now be 
described by the set of firing sequences S„(M-) starting at the initial 
marking Mq, and by the set of reachable markings Rj^(Mg), i. e. the 
markings M' such that some firing sequence a 6 S^(M ) leads from M 
to M' (also called reachability set ) . This we write as MQ[a>M'. where 
the relation [ct> is defined as the composition of the relations [t.> for the 
transitions t. as they occur in the string, so that composition for the 
relations corresponds to concatenation for the strings of transition 
names. 

Formally, we have: 
Definition 2.3t 

A firing sequence from marking M to marking M' is represented 

by a string of transition names ct € L*such that: 

(a) M[X>M (where X is the empty string) 

(b) M[t>M' « M 2 F(t) & M' = M - F(t) + B(t) 

(for a string of length one) 
(c)Mpt>M' «» aM" € IN^: M[cr>M" & M"[t>M' 

(recursive definition) 



Given a "final" marking M^ we also define the set of terminal 
firing sequences Tjj(Mq. M^) which contains all those firing sequences 
which lead from M- to M-. 

We summarize these concepts in: 
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Definition 2 . 4 ; 

Given a Generalized Petri Net N with initial marking M and 
final marking M „ ; 

The reachability set is R^j^M^) = [m SlN'^pa € L* : MQ[a>M) 
The set of firing sequences is Sj^(Mq) = {cr 6 L* | i M' € JN^-. 



The set of terminal firing sequences is T (M-, M J = 



MQ[a>M'3 



[or € L |MQ[a>Mp 



Clearly. T^(Mq, M j) £ S^(Mq) and M^ ^ ^^(M^) « T^^^Mq. M^) = 0. 
We notice that: 

MQ[a>M => a € ^^^Mq) & M € Rj^(Mq) 

Just as the marking F(t) is the smallest marking at which a given 
transition t is firable, there is a smallest marking at which a given 
firing sequence is firable. We call this the hurdle of the firing 
sequence: 
Definition 2.5 ; 

Let or € L be an arbitrary firing sequence. 

(a) The smallest marking at which a can be fired in its entirety 
is called the hurdle H(CJ) of the firing sequence. 

(b) If M[CT>M', then M' - M is called the marking change A(CJ) of 
the firing sequence. 



It is easy to see that there is indeed a unique smallest marking at 
which a firing sequence a is firable. This is because each coordinate 
of H(cr) can be calculated independently. 
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Let us define the componentwise max of two vectors as the 
vector V" = max (V, V). where 

V"{i) = ifV(i)^V(i) then V(i) else V'(i) 
Then we can calculate the hurdle (and also the marking change) 
of a firing sequence a recursively as follows: 

H{at) = max (H(ct). F(t) - A(a)) 
Vt € L / 

' A(at) = A(a) - F(t) + B(t) 
Notice that H(a) e IN^ but A(a) € z''. Also, if there are no self-loops, 
then any firing sequence o fired from H(a) to H(a) + A(a) makes each 
coordinate reach zero at some intermediate (including initial and final) 
marking. If there are self-loops, a coordinate may "reach" zero 
"during" a firing, i. e. after removing F(t) but before adding B(t) for 
some transition. Finally, we observe the following effect of increasing 
the initial marking: 
Theorem 2. 1 ; 

Let W 6 IN^. 

(a) MQ[a>M^ =» (Mq + W) [a> (M^ + W) 

(b) Sj^(Mq) E Sj^ (Mq + W) 

(c) {M € in'' I (M - W) 6 Rj^(Mq)} c Rj^ (Mq + W) 

(d) Tj^ (Mq, Mp c Tj^ (Mq + W. Mj + W) 

Proof ; 

All four statements are manifestations of the containment property, 
which is most easily illustrated by distinguishing tokens due to M^^ 
from tokens due to W, and by not moving any tokens due to W. 

QED 



-35- 

2.2 Restricted Petri Nets 

In some caseis it is useful to restrict the definition of Petri Nets. 

Ordinary Petri Nets are GPN's where the size of arc bundles is restricted 

to one. This corresponds to Holt's original definition [17,28]. 

Selfloop-free Petri Nets have no pairs p, t that are both forwards and 
backwards connected, i. e. B(p.t) • F(p,t) = for all places p and tran- 
sitions t. Restricted Petri Nets ' (RPN) are Selfloop-free Ordinary 
Petri Nets: any place-transition pair is connected by at most one arc. 

The relations between these various restrictions and Vector 
Addition Systems are discussed in a more detailed manner in Hack [20]. 

2.3 Reachability, Coverability, Boundedness. Liveness 
and Persistence 

Definition 2 . 6 ; 

A marking M is said to be reachable in a Petri Net N with initial 

marking M^ iff: M € R^^ (M-). 
Definition 2.7 ; 

A marking M is said to be coverable in a Petri Net N with initial 

marking M^ iff: aM' e R^ (M^) : M' ^ M. 
Definition 2.8 ; 

(a) A place p^ is said to be bounded in a Petri Net N with initial 
marking M^ iff there exists an integer b. such that the number 
of tokens M(p.) at any reachable marking M never exceeds b.: 
M 6 Rj^ (Mq) =» M(p.) s b.. 

(b) A Petri Net N with initial marking Mq is said to be bounded 
iff every place is bounded. 



\ 



C. A. Petri calls these nets "Pure Petri Nets". 
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It follows that a Petri Net is bounded iff the reachability set 
^N <M^) is finite. 

Definition 2. 9 : 

A transition , is said to be potentially f.rahl. a, marking M in 
Petri Net N iff there exists a firing sequence starting at M which 
includes t. 



by: 



It is easy to see that potential firability is related to coverability 



t is potentially firable at M « F{t) is_coverablem Rj^(M) 



Definition 2. 10 ; 

A marking M is said to be t-dead (where t is a transition) iff 
transition t is not potentially firable at M. 



This is just another way of looking at potential firability. W, 
have: 

M is t-dead « F(t) is NOT coverable in R-,(M) 



or a 



N' 
A t-dead marking is the analogue of a hang-up state, 
"deadly embrace", in the context of concurrent systems. 
Definition 2. 11 ; 

(a) A transition t is said to be live in a Petri Net N with initial 
marking M^ iff it is potentially firable at every reachable 
marking, or equivalently. iff no t-dead marking is 
reachable. 

(b) A Petri Net N with initial marking M^ is said to be live iff 
every transition is live. 
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(c) A firing sequence which feabhes a t-dead marking is said to 
be a killing sequence (for t, or for the Net). 

In other words, no matter what happens, it is always possible to 
fire a live transition once again. 

We avoid speaking of "dead" transitions since the word seems 
equally suitable to describe a non-live transition or a not-potentially- 
firable transition. R. Keller suggests the word "immortal" instead of 
live, since it conveys a more precise image. The word "live" seems 
however to be the most widely used term for this concept in the Petri Net 
literature. R. C. Holt calls a live marking a "safe state" in the context 
of deadlocks in computer systems [29]. 
Definition 2. 12 ; 

(a) A transition t is said to be persistent in a Petri Net N with 
initial marking Mq iff the only way it can be disabled is by 
its own firing. 

(b) A Petri Net is said to be persistent iff every transition is 
persistent. 

Note ; 

This definition of persistence of a transition can lead to 
ambiguity in the case of self-loops. Suppose both transitions t and 
tg are firable, but the firing of to would, because of a self-loop, 
return at least as many tokens as were taken away from the input 
places of ty Can such a firing ever disable t. ? If we only look 
at reachable markings, it does not seem so. But the usual interpret- 
ation is that "tokens are removed before they are returned", because 
this interpretation is more consistent with certain interpretations of 
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concurrency and the notion of "set firings". 

This interpretation can be made precise by the following formula: 
t is persistent in R-^(Mq) o Vt' €E- {t); vM € R„(M-): 
(M ^ F(t) & M ^ F(t') =* M 2 F(t) + F(t')) 
In the other interpretation, where a self- loop could prevent non- 
persistence, we would have replaced the clause "M a F(t) + F(t')" by 
"M 2 F(t) + F(t') - B(t')". 

The notion of persistence is useful in the context of Parallel 
Program Schemata (Karp and Miller [33], for example), where a 
persistent operator, once it becomes enabled, stays enabled until it fires. 
Also, in a persistent Net one cannot make irreversible "mistakes" in the 
sense that if one tries to follow a given firing strategy and one fires the 
"wrong" transition, this "mistake" can be corrected because what was 
supposed to be fired can still be fired. (In Keller's terms [35], a 
persistent net has the "Church-Rosser property". ) The notion of 
persistence is also linked to the notion of "conflict-free" Nets. 

The following table (Figure 2. 3) illustrates the various concepts 
introduced so far as they apply to the example shown in Figure 2. 1. 

2. 4 Subnets and Submarkings 

In many cases we wish to restrict our attention to only a part of 
a given Petri Net. For example, one may ask whether it is possible to 
reach a marking consisting of exactly one token in each of two places, 
say p^ and p^, without specifying a desired marking for the remaining 
places. In that case, we speak of reaching a given "submarking" of 
places p. and p-. 
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For this purpose, we introduce the notion of a subnet of a Petri 
NetN=<n.L.F.B.M,>. wheren=^, ...,p^),„,2: = Ct,. .... g. 

A subnet is basically a subgraph, i. e. one selects a subset of 
the vertices - in this case, places and transitions - and all arcs that join 
the selected vertices - in this case, the restriction of the functions F. B 
and Mq to the chosen subset of their domain. 

To be mathematically useful, however, a subnet should have 
certain properties. A very useful property is the property of being 
closed. This is actually a topological property of bipartite graphs which 
has been studied as such by Petri [55]. but for our purposes (see also 
Hack [17.24]) the following definition will do: 
Definition 2. 13 ; 

A closed subnet of a Petri Net is a subnet consisting of a subset 
of the places and at least all transitions forwards or backwards 
connected to places in this subset. If only transitions connected 
to places in this subset are included in the subnet, then it is 
called a minimal closed subnet with respect to this subset of 
places; if the subnet contains all transitions of the Petri Net. it 
is called a maximal closed subnet . 
Notation; 

If P E IT is a subset of the places of Petri Net N = <n. L. F. B. M >. 
then the maximal closed subnet whose set of places is P is denotL^by' 
Np = <P. L. F.. B'. M- >. Where F- and B- are F and B restricted to 
P X E. and M-j is M^ restricted to P. 

Definition 2.14 ? 

A submarking of a Petri Ne, N is a marking of a subnet of N, 
i. e. a marking restricted to a subset of the places. 
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Notation; 

If P is a subset of the places, a submarking defined on these places 
is denoted by M/P and can be considered as a marking of Np. 

Definition 2.15 ; 

(a) Two markings M and M' agree over a set of places P if their 
restrictions to P are equal, i. e. if they determine the same 
submarking over P. We write this as: 

M = M' mod P « M/P = M'/P 

(b) Two submarkings M/P and M'/P' agree if they are equal on 
places common to both: 

M/P « M'/P' « M = M' mod (P n p') 

The notion of agreement is useful in a context where both 

markings and submarkings over various sets of places are referred to. 

In particular, a marking agrees with any of its submarkings in the sense 

of (b): 

M w M/P 

The notion of agreement also permits a concise formulation of the 
extension to submarkings of the various definitions of section 2. 3. 

It is often useful to refer to a submarking directly, without 
explicitly mentioning the set of places on which it is defined. In order 
to avoid confusion with markings, we use the generic letter V for sub- 
markings, so that we may write, for example: V = M/P, where M is 
some marking of which V is the restriction to P. Since in this notation 
the set P is not explicitly shown, we introduce the notion of support: 

Definition 2. 16 ; 

The support P(V) of a submarking V is the set of places over 
which V is defined, i. e. ; V = M/P =» P(V) = P. 
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Now we are ready to extend the definitions of section 2. 3 to 

submarkings. 

Definition 2.17 ; 

In a Petri Net N, a submarking V over a set of places P is said 
to be reachable from a marking M^ iff some marking M whose 
restriction to P is the submarking V is reachable in N from M^, 
i. e. some marking of which V is a submarking is reachable: 
V reachable in Rjj(Mq) » SM^V: M 6 Rj^(Mq) 

This is the formal way of defining the reachability of an 
incompletely specified marking, as in the example at the beginning of 
this section. 
Definition 2. 18 ; 

A submarking V is said to be coverable in a Petri Net N with 

initial marking M^ iff every marking of which it is a submarking 

is coverable; 

V coverablem Rj^(Mq) « VM w V aM' 6 Rj^(M ): M- 2 M 

Notice the subtle difference between the definitions of reachability 
and coverability as extended to submarkings. In the first case, the 
property is derived from some marking which agrees with the submarking. 
whereas in the second case, the property must be true of all markings 
which agree with the submarking. In the first case we speak of the 
weak extension of a property of markings to submarkings and in the 
second case we speak of strong extension. The choice is dictated by the 
usefulness of the resulting concept. Definitions 2. 17 and 2. 18 define - 
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in more precise terms - weak reachability and strong coverability of 
submarkings. 

The strong reachability of a submarking might be an interesting 
property, but we have not found enough interesting applications to study 
it further. It is a non-trivial extension of the notion of reachability, and 
we have as yet no evidence that it might be reducible to reachability. 

On the other hand, weak coverability is simply an instance of 
ordinary coverability of a marking which agrees with the given 
submarking and is zero on the places on which the submarking is not 
defined. 

In the following definitions, the choice of the weak or of the strong 
extension of various concepts is dictated by similar considerations. 
Definition 2. 19 ; 

Transition t of a Petri Net is firable at submarking V iff t is 

firable at some marking M which agrees with V: 
t firable at V « SMwY: M ^ V(t) 

Definition 2.20 ; 

Transition t is potentially firable at submarking V iff t is 

potentially firable at some marking M which agrees with V: 

t potentially firable at V » a M w V: t potentially firable at Al. 

It is easy to see that a transition is firable at submarking V iff it 
is firable in Np.^v at V, where V is now the marking of the subnet Np,„. 
on whose places P(V) the submarking is defined. 

From Theorem 2.2, proved later in this section, it will follow 

that this is also true for potential firability. 

——— _ _ _— 

In Van Leeuwen [63] weak reachability means coverability. 
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We can rewrite Definition 2.20 in terms of t-deadness: 
Definition 2.21 ; 

A submarking V is said to be t-dead for a given transition t iff 
every marking which agrees with V is t-dead: 
V t-dead » VM«V: M t-dead . 

We notice that the negation of a weak extension (Definition 2.20) 
is a strong extension (Definition 2.21). 

In the case of liveness. neither the weak extension nor the strong 
extension to submarkings seems to be a useful concept, partly because 
there is no clear relationship between liveness in a subnet and liveness 
in the whole Petri Net. The same holds for persistence. 

2. 5 Vector Notation for Submarkings 

The vector notation for markings was based on a certain indexing 
of the set of places, namely H = {p^. Pg. . . . , p^.] . If we now study sub- 
markings over the set P = [p^.p^], for example, should we use vectors 
with two coordinates or vectors with r coordinates where r-2 coordinates 
are "undefined"? The second alternative has the advantage that the 
vector notation also carries information about the support of the sub- 
marking, namely those coordinates which are defined. 

We therefore include a new symbol, w, to denote the "value" of 
undefined coordinates in a submarking. Since we carry out additions, 
subtractions and comparisons with vectors, we must extend these 
operations to the symbol. We would expect that adding (or subtracting) 
something to (or from) an undefined quantity would yield an undefined 
quantity, i. e. ui again. But what about order? It turns out that the 
following rules for dealing with CO are not only consistent with our 
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intended use of submarkings, but that thiey provide a useful mathematical 

structure to the set of vectors over the non- negative integers 

augmented by the new symbol to, which we denote by O, i. e. fl = IN U [co] . 

Definition 2.22 ; 

The augmented set of non-negative integers is the set 
O = IN U i(ti], where U) is an element which behaves like an 
integer larger than any given integer and is characterized by: 
Vn€lN: W7^n&w^n&a)+n = a)&aj-n= co& 
w+cu =a)-u) = CO 



Now we represent submarkings as follows: 
Definition 2.23 ; 

A submarking M/P over a subset of places P £ [p. 1 1 ^ i s rj 
(r e IN) is represented by the vector V £ Ci^ whose i^^ 
coordinate equals M(p.), the i^^ coordinate of M, if p. € P; 
otherwise it is CO; 

(1 ^ i i r); V(i) = ifpj € P then M(p.) else CO. 



The usefulness of this definition appears when the definition of 
transition firability for submarkings is rewritten in terms of vectors 



over n : 



t firable at V o V 2: F(t) 



This is of course just like the corresponding definition for markings. 

This notation also gives us a way of talking about firing sequences 
and reachability in a subnet in the same context - and place indexing - as 
in the whole net. Let Np be the maximal subnet of N defined by the sub- 
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set of places P c n. Let V. V be markings of N^ (i. e. submarkings of 
N whose support is P). Then we write: 

V[t> V o V ^ F(t) & V. = V - F(t) + B(t) 

V[X> V, for X = the empty string 

Vrat>V « av" e a^: V[or>V & V"[t>V., Where a 6 L*. 
Also, if H(a) and A(a) are the hurdle and the marking change (Definition 
2. 5) of CT, then: 

V[a>v « V^H{a) & V'=V + A(a) 
Notice that the above relations require that the supports of V, V and V 
be equal: P(V) = P(V') = P(V"). 

Now we can define a subnet reachability set: 
Definition 2.24 : 

(a) Let Vq be a submarking of support P in a Petri Net N. Then 
the subnet reachability «Pt for the initial submarking V^ is 
the reachability set of the subnet N^. which is written as: 

(b) The notions reachable in U^jV^ coverable in R^^ (V^ 
bounded in n ^lV^h etc. . all refer to the corresponding 
concept in the subnet Np. .. 



It is important to note that even if V^ ^ M^. titen V 6 Rj^(v ) 
does not imply that V is reachable in N from M„ according to 
Definition 2. 17. It only expresses reachability in the subnet Np. where 
some constraints, due to places in n-P, have been removed. But the 
converse is true: If V is reachable in N from M^ and V„ is M^ 
restricted to the support of V (i. e. V^ = M^IP(vn. then V 6 R^(v„). 
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This can easily be verified from Definition 2. 17. 

On the other hand, suppose that V 6 R„(Vq), and let Vq [a> V. 
As we have seen, this implies V^ ^ H(a). if we now choose M to agree 
with Vq on its support P and to agree with H(0) on the complement 11 -P, 
i.e. Mq «* Vq & Mq «« H(a)jiia^(n-P), then M^ ^ H(ct), and hence a 
is firable at Mq and MQf(T>M, where M = M^ + A(ff). Since V = VQ + A(a) 
and Mq w Vq, it follows that M « V. 

We summarize these facts in: 
Theorem 2.2 ; 

(a) If submarking V is reachable from the initial marking M-, 
then V is reachable from the initial submarking V-., where 
Vq agrees with Mq and has the same support as V: 

V reachable in R„(Mq) => 

3Vq 6 O^: Vq « Mq & P(V) = P(Vq) & V € Rj^(Vq) 

(b) If a firing sequence ff leads from submarking V- to 
submarking V (of same support), then there exist markings 
Mq and M, agreeing with Vq and V respectively, such that a 
leads from Mq to M: 



Vq,V €0^ Vq[ct>V =» 

SMq, M e IN^: (Mq s, Vq & M « V & MQ[a>M) 



(c) V € R^(Vq) 



aiV^, M: (Mq « Vq & M « V & M 6 Rjg(MQ)) 



A useful application of Theorem 2.2 is the following characteriza- 
tion of coverability in a subnet (cf. Definition 2.24(b)): 
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Theorem 2.3: 



Submarking V is coverable in Rj^(Vq) if and only if for every 
marking M which agrees with V, there exist markings M_ and M' 
such that Mq agrees with Vq, M' exceeds M, and M' is reachable 



from Mq. 



In other words, the following three statements are equivalent: 



(1) V is coverable in Rjj(Vq). 



(2) P(V^) = P(Vq) & V^ « V - aVg € R^(Vq): Vg ^ V^ 
(3)M«V =» SMq,M': Mq«Vq & M'^M & M' 6 Rj^(Mq) 



Proof: 



(a) Statement (2) is the formal definition of coverability in a subnet, 
as it follows from Definitions 2. 7 and 2.24(b). Thus (1) and (2) are 
equivalent by definition. The subnet is defined by the support 

p = p(Vq) e n. 

(b) (2) =» (3): 

Let Mj be an arbitrary marking such that M. w V, and let V, = 
Mj/P, i. e. the restriction of M^ to the subnet defined by the support P 
of Vq. By hypothesis (2). there exists Vg € Rj^CVq) such that Vg ^ V . 

By Theorem 2.2(c), Vg € R^^Vq) implies the existence of 
markings M^ and Mg such that Mq « V^ and Mg « Y^ and M^ 6 Rj^(Mq). 

Now let W be a marking which is zero over all places of the subnet, 
and which agrees with M^ over all other places: (cf. Definition 2. 15). 
WwOmodP & W«M mod(n-P) 

Then we have: 

Mq + W « Vq ) 

) because W ss mod P 
M2 + W « V2 ) 

Mg + W s Mj because W ^ M mod (II-P) and V- s V, 
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Finally, by the containment property (Theorem 2. 1(a) or (c)): 
(Mg + W) 6 Rj^(Mq + W) 



If we write M' 


= 


^0 


+ W 


M' 


= 


Mg 


+ W 


M 


= 


^1 




we have shown that: 







(2) & M « V =» M|j ft< Vq & M' 2 M & M' € Rja^^O^ 

i.e. (2) =» (3). 
(c) (3) ^ (2) 

Let Vj be an arbitrary submarking such that V. « V and 
P(V^) = P, and choose some marking M which agrees with V. , i. e. 
V^ = M/P. Then M also agrees with V. By hypothesis (3), there 
exist markings Mq and M' such that M_ w V and M' ^ M and 
M' € Rj^(Mq). 

Now let Vg be the restriction of M' to P, i. e. Vg = M'/P. Since 

^0 " ^0^^' ^® ^^'^^ ^2 ^ ^^^0^ ^® ^ consequence of M' 6 R (M ). 

But now M' s M implies M'/P a M/P, i.e. V_ ^ V, . We have 

^ 1 

shown that: 

[(3) & (Vj « V & P(Vj) = P(Vq))] =» Vg € Rjg(VQ) & Vg ^ V^ 
i.e. (3) =» (2). 



QED 



2 . 6 Some Mathematical Properties of the Set Vectors 
Over the Augmented Integers, O 

Some of our proofs will require certain results about sets of 
vectors in fl . These results are collected in this section, and the 
proofs can be found in the Appendix. 

Recall that O = IN \j [ui], where u) satisfies the following 
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( Definition 2.22): 

Vn €IN: w?^n & w^n & a)+n=u)& aJ-n=uJ&u;+ttJ-.uj-u} = u> 

The relation (V ^ V & V ?^ V) is abbreviated as V > V, The 
relation of agreement (Definition 2. 15) between vectors V, V € Q^ can 
be expressed as: 

V « V » (Vi. l^i^r: V(i)+ V(i)?^u) => V(i) = V'(i)) 

For the partial order relation «, the set JN^ is a la ttice and the 
set is a complete lattice, where every subset A c O^ has a unique 
least upper bound W = lub (A) where W € O^ and: 

(yv € A: V s W) » W s W 
Definition 2. 25 : 

A chain C c Q is a subset which is totally ordered under i, i. e. 
C = {Vq. Vj. . . . V^. . . . J and Vj^j > V^ (for all j if C is infinite. 



or up to j = |C| - 2 if C is finite). 
Definition 2. 26 : 

A subset AC O^ is chain- complete iff, for every chain C £ A, 
its least upper bound is an element of A: lub (C) € A. 

Since O^ is a complete lattice, the lub exists for every chain. In 
IN . however, infinite chains do not have a lub in ]N^. 

Definition 2.27 : 

A subset A c O^ is monotone iff W € A: V s v =» V € A 

An example of a monotone set is the set of all vectors less than 
some vector from some given finite set. In fact, we shall se that every 
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monotone set can be expressed in this form. 
Definition 2.28 ; 

For a set A c CI , its set of maximal elements A is the set: 

A = {V e A I ;« V 6 A: V > V} 

Definition 2.29 ; 

For a set A c O , ns chain- completion A^ is the smallest chain- 
complete set containing A. 



The theorems we shall require are; 
Theorem 2. 4; 

(a) Every infinite subset of O^ contains an infinite chain. 

(b) Every set of mutually incomparable vectors in O^ is finite. 
Theorem 2. 5; 

If A c O is monotone and chain- complete, then its finite set of 
maximal elements A is uniformly reducible to A, and it 
characterizes A as follows; 

A = (V 6 O'' I av 6 A ; V s V} 



By the uniform reducibility of A to A we mean that any procedure 
for testing membership in A can be effectively used to completely 
generate the finite set A = {V. 1 1 ^ j < k} where k is the size of A . 
Technically, there exists a partial recursive function which computes a 

A 

canonical index for A from a characteristic index for A (Rogers, [57]). 
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Theorem 2. 6; 

The chain^completion of a monotone set A c O^ is monotone and 
consists exactly of the least upper bounds of all chains in A. (If 
A c IN , then A - A consists exactly of the least upper bounds 
of all infinite chains in A. ) 

Note: 

Every element of A is the least upper bound of a one- element chain, 
and thus is included in A^. 

Theorem 2. 7 ; 

The chain- completion A of a monotone set A c jn^ jg such that: 
A° = {V € O^ I VV € IN^: V « V =» V € A) 

Theorem 2. 8 ; 

If A c isr is monotone, then there exists a finite set 
[Vj, . . . , V^} = A , uniformly reducible to A^, such that: 

A = {V eZN"" I V ^ V or V ^ V„ or ... or V s v ] 

J. i — — K 

Finally, let us mention a few results about semilinear sets . 
Semilinear sets were introduced by Parikh [46] to study certain problems 
in Formal Language Theory, and more recently have become useful in 
investigations about Vector Addition Systems (Van Leeuwen. [63]) and 
Commutative Semigroups (Cardoza, [ 6 ]). 
Definition 2. 30 : 

A set A c n^ (or In'') is said to be linear iff there exist vectors 
Vq € n'" (called the base of A) and W. € In''. 1 s i ^ n (called the 
periods of A) such that: 

A = {V € O^ I ax € IN, 1 « i i n: V = V^ + 2 x. • W } 
1 i=l 1 i 
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Matrix Notation: 

Let W be the r X n matrix whose column vectors are the periods W., 
1 ^ i ^ n. Then we have: A = {v 6 O^ | aX € IN": V = V^ + W • X}. 
Definition 2.31 ; 

A set A c (or IN ) is said to be semilinear iff it is the union of 
a finite number of linear sets in Q^. 
Theorem 2. 9: 

(a) The union of a finite number of semilinear sets in Q,^ (IN^) is 
a semilinear set in O^ (In''). 

(b) The intersection of a finite number of semilinear sets in 
n (]N^) is a semilinear set in O^ (IN^). 

(c) The complement O^ - A of a semilinear set A c o'^ is a 
semilinear set in O ; the complement IN - A of a semilinear 
set A c IN is a semilinear set in IN . 

(a) follows from the definition; (b) and (c) are proved in 
Ginsburg and Spanier [14]. 

Theorem 2. 10; 

The solution space of a set of linear diophantine equations with 
dummy variables is a semilinear set. 

This means that if A(t X r), B(t X s) and C(t x 1) are matrices over 
the integers Z., then the set {V € IN^ | 3X € IN^: A • V + B • X = C) is 
semilinear. 

The proof of this can be found in Ginsburg and Spanier [14] and in 
Van Leeuwen [63]. 

Other examples of semilinear sets are mentioned in Corollary 4.2. 



■54- 



We can apply Theorems 2. 9 and 2.10 to the characterization of 
monotone sets given by Theorem 2, 8: 
Theorem 2. 11 : 

(a) Every monotone set in IN^ is semilinear. 

(b) If the chain-completion A*^ of a monotone set A c eV^ is 
effectively recursive, then A is effectively semilinear. 
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CHAPTER 3 
DECIDABILITY OF BOUNDEDNESS AND COVERABILITY 

3. 1 Introduction 

The decidability of boundedness and cover ability was first proved 
for Vector Addition Systems by Karp and Miller [33], using the notion of 
a coverability tree . Karp and Miller's proof was not complete in the 
sense that it failed to take into account the complications arising from 
certain firing sequences which have a large hurdle but only a small or 
zero marking change. In Hack [20] we have presented a more detailed 
version of Karp and Miller's proof to handle all such situations. 

A proof using geometrical arguments in the vector space IN'' has 
also been presented by Van Leeuwen [63], 

In this section we shall use some of the results on monotone sets 
in Q presented in section 2.6. We feel that this approach may relate 
the properties of boundedness and coverability more directly to the 
structure of the Petri Net in terms of its subnets and submarkings. The 
approach is also slightly more general in that it applies directly to sub- 
markings. But we must warn the reader that the conciseness of this 
approach is deceptive, since much of the mathematical work has simply 
been delegated to the proofs of the results of section 2. 6 (given in the 
Appendix). 

'^^e coverability problem is the problem of deciding, given a 
Petri Net N with initial marking M^ and an arbitrary marking M, whether 
M is coverable in Rj^(Mq). i. e. whether there exists a marking 
M' € Rj^(Mq) such that M' s M. 

Let us thus define the set of coverable markings C^(M„): 
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Cj^(Mq) = {M 6 IN^ I a M' € Rjg(MQ): M' ^ M} 

This set is clearly monotone by construction. Its chain- completion is, 
from Theorem 2.7: 

C^(Mq) = {V 6 O^ I V M € ]N^: M « V =» OM" € Rj^(Mq):M' ^M)} 

Recalling the definition of submarking coverability (Definition 2. 18), 
we have: 

cJj{Mq) = {V € 0^ I V is coverable in Rjj(Mq)} 

Thus: 
Lemma 3. 1 : 

The chain- completion of the set of coverable markings is the set 
of coverable submarkings. 

From Theorems 2. 5 and 2. 8 we can conclude that there exists a 
finite set of maximal coverable submarkings c5^(Mf.) = {v , . . . . V ) such 
that: 

C^(Mq) = {V € O^ 1 V ^ Vj or ... or V ^ V^3 

Cj^(Mq) = {M 6 JN"" 1 M ^ Vj or ... or M ^ V^} 

It is thus clear that the coverability problem for a fixed Petri Net 
is decidable, and quite efficiently so as a matter of fact. 

Boundedness is related to coverability by: 
Lemma 3.2 : 

A place pj is bounded iff the submarking (Vj, 1 ^j^v. VCj) = 

if j = i then co else 0) is not coverable. 
Proof ; 

If p^ is bounded, then there exists a bound b such that the marking 
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(V j, s j s r: M(j) = if j = i then b else 0) is not coverable, hence V 
is not coverable. Conversely, if V is not coverable, then for 
some b there exists such a marking M, which determines a 



bound for p.. 



QED 



If we now want to prove that the Boundedness and Coverability 
Problems are uniformly decidable, we have to effectively construct the 
finite set of maximal coverable submarkings. The Karp and Miller 
Coverability Tree is such a construction: the labels of the nodes in this 
tree constitute a finite set of coverable submarkings which contains all 
maximal coverable submarkings. In the following sections, we shall 
also construct coverability trees, in a step-by- step approach designed to 
illustrate more clearly the relationship between the coverability tree and 
various subnets of the Petri Net. 

3.2 Primary Unboundedness and the Primary Coverability Tree 
One way a place p. may become unbounded is the following: 
Let Mq be the initial marking, and suppose there exists a firing 

sequence a^Cg such that: 

MQfffj>M^ & M^[a2>M2 & Mg ^^M^ & MgCp.) > Mj(p.) 

Because of Mg ^M^, every firing sequence possible from M. is also 
possible from M^; in particular, a^ can be repeated, and therefore 
^1^*'2^ is a legal set of firing sequences. But then it is clear that by 
repeating cr^ arbitrarily often, the marking in p. can grow without bounds. 
In particular, after the firing sequence 0^i«'2^"» ^® marking will be 
Mj + n • (Mg -Mj). All places p for which M2{p.) - M.(p.) > will be 

J J "^ J 

unbounded. 
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This is called primary unboundedness . 

But this is not the only way a place can become unbounded. For 
example^ in the Petri Net of Figure 3. 1 place p . is unbounded: given any 
number n, the firing sequence (t. )'^ ^o^^s)'^ yields the marking 
(O, 1, 0, n>. But for no pair of reachable markings such that M„ ^ M. 
do we also have M2(p^) > M. (p^). This net incidentally has the interest- 
ing property that t, can fire any finite number of times, but cannot fire 
indefinitely (see the "reachability graph" of this net in Figure 3.2). 

However, in this case the unboundedness of p . follows from that 
of p„, for which we do find two markings having the property described 
here: MQ[tj>M^ and M^ a M^ and M^Cpg) > M^Cpg). 
Because of this dependency, the unboundedness of p . may be called 
secondary unboundedness. In the next section we shall see how this is 
related to primary unboundedness in a subnet. 

The following construction, which we call a primary coverability 
tree, is useful for investigating primary unboundedness. We define it 
in the general case of a subnet with an initial submarking. 
Definition 3.1 ; 

The primary coverability tree D (V^) of a given Petri Net with a 

given initial submarking Vq (or subnet defined by the support 

P(Vq) of the initial submarking) is a labelled rooted tree defined 

iteratively as follows: 

base: The root node p is labelled V«: L = V«. 
Up 

step; Let a be a node with label L which has not yet been declared 
as a leaf -node. There are four cases, 
(a) No transition is firable at submarking L, i.e. Vt € L; 

L^ 4 F(t). In that case a is a leaf -node called a dead-end . 
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(b) There exists a node y 7^ a on the path from p to a such that 

L = L . In that case a is a leaf-node called a X-loop-end , 
and a X-backpointer points from a back to y. This pointer is 
for record -keeping only and is not an arc of the tree. 

(c) There exists a node y on the path from p to a such that 



^a^L 



. In that case a is a leaf node called an co- loop -end , 
and an u>-backpointer (also for record-keeping only) is directed 
from a back to y. In addition, the label L is modified by 
setting those coordinates in which L strictly exceeds L to CO, 
(d) If neither of the above cases holds, then a is an interior mode, 
and it has a successor node whose label is L - F(t) + B(t) for 
every transition t firable at L . The arcs pointing to the 
successor nodes are labelled with the transition whose firing 
they express. 
Note 1 ; 

This definition differs from that of a full coverability tree given in 
Hack [20], Karp and Miller [33] or Keller [34] essentially in the fact 
that only primary unboundedness is found (relative to a subnet in case 
of an initial submarking), and so nodes where new co's are introduced 
are leaf-nodes, i. e. nodes without successors in the tree. 
Note 2 ; 

Step (c) in this definition may be interpreted in several ways if 
there exist more than one node y on the path from p to a such that 
L > L . We may choose one arbitrarily, in which case the primary 
coverability tree is not unique, or we may choose all such nodes and 
generate appropriately many u) -backpointers, each causing some set 
of new 0) -coordinates. The proofs which follow do not essentially 
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depend on which interpretation we choose. The proof of Leinma 3. 4 
is written for a single uJ- backpointer, and the argument only has to 
be repeated for the other co -backpointers, if any. 

Figure 3. 3 shows two primary coverability trees for the Net of 
Figure 3. 1. 
Lemma 3. 3 ; 

Every primary coverability tree is finite and can be effectively 

constructed. 
Proof ; 

Suppose the tree is infinite. By construction, every node has at 
most as many immediate successors as there are transitions in the 
Petri Net, a finite number. Then, by KBnig's Infinity Lemma for 
rooted trees, there must be an infinite path in the tree, i. e. a path 
which does not eventually end at a leaf node. But then, by 
Theorem 2. 4(a), there must be an infinite subsequence non- 
decreasing in each coordinate of the sequence of node labels along 
that infinite path. This implies the existence of two nodes a and ^ 
along the path, where a is reached before /3, such that L ^ ^ L . But 
then node ^ should be a leaf-node - either a X-loop-end or an co-loop- 
end, which contradicts the existence of an infinite path. 

Since the tree must be finite, the iterative definition can be used 
as a terminating algorithm to construct it. 

QED 
Note ; 

Ktinig's Infinity Lemma for rooted trees can easily be proved non- 
constructively. Assume the rooted tree is infinite, yet at each node 
there is a finite number of branches. Then at least one of the 
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branches from the root node must point to the root of an infinite 
subtree. The path traced out by the root nodes of such successive 
infinite subtrees must be an infinite path - QED. KBnig's original 
Infinity Lemma [36] is more general. We provide a translation of 
his proof in Hack [20]. 

The reason for introducing new to- coordinates in the label of an 

u; -loop- end, which indicates primary unboundedness. becomes clear 
from: 

Lemmia 3. 4 ; 

If V is the label of some node a in the primary coverability tree 

°N^^0^' then V is coverable in Rj^(Vq). 
Proof ; 

Let us adopt the convention that if a path (a forwards sequence 
of labelled arcs in the tree D^CVg)) from node a to node ^ spells out 
a sequence a of arc labels, we write a[Q)fi. From the construction 
°^ ^N^^O^ *^ follows that if jS is not an co-loop-end. then the firing 
sequence a also leads from L to L«- 

OL p' 

(T ^L ; a.^ nodes in Dj^(Vq): apx)^ =» ^a^'^^^B 

Thus, if a is not an a)-loop-end. then p[a)a for some path a 

implies VQ[a>V. i. e. V is in fact reachable in R..(V„). 

N 

If a is an u)-loop-end. then there exists, by construction, an 
internal node y such that: 

yp)ct & L^ > Ly & Ly € Rj^(Vq) 

Since L^ > L^. a is also firable at L^. in fact arbitrarily often, and 
each repetition of a increases the marking in the coordinates 
corresponding to the new W- coordinates, whereas the marking in the 
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finite coordinates agrees with L Th„= ♦u 

s ca witn L.^. Thus the new to -coordinates are 

unbounded in R^CV^). and L is coverable In R (V ) 



QED 



Before proceeding to search for all unbounded places (in the next 
section), we show that the primary coverability tree is sufficient to 
decide boundedness of the whole Petri Net: 
Theorem 3. 1 : 

It is decidable whether a given Petri Net with its initial marking 
Mq is bounded. 
Proof ; 

If the primary coverability tree contains u>.loop-ends. then the 
net is unbounded, by Lemma 3. 4 above. Now suppose there are no 
a)'s. i. e. every leaf node is either a dead-end or a X-loop-end. If 
we fold all X-loop-ends along their X- backpointers (by identifying the 
X-loop-end node with the interior node), we obtain a finite graph 
Where the vertices are labelled with markings, and where for every 
node a whose label is M. and for every transition t which is firable 
at M. there exists an arc labelled t which leads from a to a node ^ 
whose label is M'. such that M[t>M.. In other words, every firing 
sequence a starting at M, and leading to M € R^(M,) can be spelled 
by the arcs along a path from p to some node a labelled M. So 
every reachable marking is represented in the graph. Since the 
graph is finite, the number of reachable markings is finite, so the 
net must be bounded. In fact, the bounds for the various places can 
be found by inspecting the labels of the graph. 

QED 
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3.3 Boundedness of a Given Place and the 
Complete Coverability Tree 

To establish the unboundedness of a Petri Net, it is sufficient to 
establish the existence of some unbounded place by constructing the 
primary coverability tree for the initial marking. 

But if we also construct primary coverability trees for the sub- 
markings which label w-loop ends, we can find more unbounded places, 
including places which are not primary unbounded. Indeed, we have: 
Lemma 3.5 ; 

If V is coverable in Rj^(Vq), and V is coverable in Rj^{V), then 
V is coverable in R (V„). 
Proof : 

Let M' be an arbitrary marking which agrees with V: 

(1) M' w V 

By Theorem 2.3, since V is coverable in Rj^(V), there exist 
markings M and M. such that: 

(2) M « V 

(3) M^ s M' 

(4) Mj 6 Rj^(M) 

Since V is coverable in R^{V^), Theorem 2. 3 applied to (2) 
implies the existence of M„ and M„ such that: 

(5) Mq « Vq 

(6) Mg ^ M 



Now rewrite (6) as: 



and define: 



(7) Mg 6 R^(]VIq ) 

(8) Mg = M + W, where W ^ 
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(9) M" = Mj + W. where W = M - M ^ 
From Theorem 2. 1 (containment) applied to (4) and (9)le deduce: 

(10) M" 6 R^iM^) 
Thus, given M- . v (1). we deduce the existence of M" and M^ such 
that: 

(H) Mg «, Vg (5, 

(12) M" . M. from (3) and (9) 

<13) M" 6 H^(M„) from (7) and (10) 

Bu, then Theorem 2. 3 implies ,l.a, v is indeed coverable in R (V ) 

NO 

QED 

This Lemma justifies the construction of the Complete 
Coverability Tree out of primary coverability trees as follows: 
Definition 3.2: 

The Comelete Coverability Tree g^(M„) of a Petri Net N with 
initial marking M„ is constructed iteratively as follows: 
basis : 

Construct the primary coverability tree Dj^(M ). its 
X-loop-ends and its dead-ends are leaf nodes of 6^ (M,). but all 
other nodes are interior nodes; the «-loop ends are still 
distinguished, but they are considered interior nodes. 
step : 

If or is an a,loop-end with label L^ , y. append the primary 
coverability D^(v) by identifying a wi«, the root node of D (V) 
All nodes of D^(v) e«ept X-loop-ends and dead-ends become 
interior nodes of D-^(M ). 

If there are no w-loon-ends i«»ft ♦t,^ a 

xuop enas left, the construction of D (M ) 

is complete. ° 
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Figure 3. 4 shows the complete coverability tree for the Net 
of Figure 3. 1. 

This construction terminates and is effective. Because: 
Lemma 3. 6 ; 

The complete coverability tree D(M-) is finite and can be 
effectively constructed. 
Proof : 

A 

Any branch in D(Mq) consists of a sequence of finite branches 
from primary coverability trees, and each time a new primary 
coverability tree is encountered, the number of w- coordinates of 
the labels increases, and the support of the corresponding 
submarkings strictly decreases. A branch of D(M ) therefore 
consists of a finite number of finite segments, and is finite. Since 
branching at every node is finite, the tree is finite by KBnig's Lemma. 

QED 
In the proof of Theorem 3. 1 we showed that if a primary cover- 
ability tree contains no to -loop-ends, then every firing sequence from the 
initial marking (or submarking) can be folded onto the graph obtained by 
closing the X-loops. 

The same construction can be applied to complete coverability 
trees, because in a complete coverability tree the only leaf-nodes are 
X-loop-ends and dead-ends. 
Lemma 3. 7 : 

If a marking M is reachable from Mq in a Petri Net N, then the 

A 

complete coverability tree Dj^(Mq) contains a node a whose label 
agrees with M: 
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Proof ; 

Let a be a firing sequence leading to M, i. e. MQ[a>M. The 
proof is by induction on the length of cr. 
basis; a = X (the empty firing sequence) 

Then M = Mq and « = p, the root node: L = Mq. 
step; 

a = J' 't and there exists a node a' such that L , f» M', where 
MqPOM". We have M'[t>M, so a' is not a dead-end. We may also 
assume that a' is not a X-loop-end; if it were, its X backpointer 
would point to a node y with the same label, and we could have chosen 
that node instead. 

It follows that a' is an interior node, and there exists a successor 
node a. joined to a' by an arc labelled t, whose label is obtained 
from V = L^, - F(t) + B{t). 

If a is not an c*)-loop node in some component primary coverability 
tree, then L^ is simply equal to V (step d in Definition 3. 1). Since 
L^ , «^ M' and M = M' - F(t) + B(t), we have V w M, and hence also 
Lq, w M. 

If a is an a>-loop node in a component primary coverability tree, 
then its label L^ is obtained from V by replacing certain coordinates 
by w. But this still permits us to infer L «* M from V « M. 

In every case, we have proved the existence of a node a whose 
label agrees with M. Moreover, the firing sequence a can be 
spelled out by a sequence of paths in Dj^(Mq) from p to a linked by 
X- backpointers. This, incidentally, is the reason for "labelling" 
these backpointers with the symbol for the empty string, X . 

QED 
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Now we can use the Complete Coverability Tree to answer 
questions about coverability and boundedness: 
Theorem 3.2; 

A submarking V is coverable in Rj^CMq) if and only if some node 

A 

a in Dj^(Mq) carries a label which covers V: L ^ V. 
Proof ; 

(a) if; 

Every label in the primary coverability tree D„(Mq) is 
coverable in Rj^(Mq), by Lemma 3. 4. Because of Lemma 3. 5, 
this property extends inductively to all nodes in Dj,(M.). 
Indeed, let a be an a>- loop- end whose label V is already known to 
be coverable in Rj^(Mq). Then every node in the primary 
coverability tree appended to a in the construction of ^-JM^) is 
coverable in Rj^(V) by Lemma 3. 4. and hence coverable in 
Rj^(Mq) by Lemma 3. 5. 

Thus, if L^ ^ V for some node a and some given submarking 
V, then the coverability in Rj^(Mq) of L^ implies the coverability 
of V. 
(b) only if ; 

If V is coverable in Rj^(Mq), then every marking M which 
agrees with V is coverable in Rjj(Mq). by definition. So let us 
choose M such that its unspecified coordinates (those corres- 
ponding to OJ- coordinates in V) are larger than any finite 
coordinate of all labels in Dj^(Mq). Since M is coverable in 
Ri^(Mq), there exists M' ^ M such that M' € Rj^(Mq). By 
Lemma 3. 7, there exists a node a € D--(M-) such that L w M'. 
The finite coordinates of V are covered by M' and hence by L . 
The u) -coordinates of V correspond to coordinates which, in M 
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and thus also in M', are larger than any finite coordinates of all 
labels, such as L^. Thus L^ must have to -coordinates where V 
has w -coordinates: L^ exceeds (or equals) V in all coordinates: 

L ^ V. 
" QED 



Theorem 3. 3 



(a) A place p^ is unbounded in Rj^(Mq) if and only if some node a 
in Dj^(Mq) has a label L^ whose i^*^ coordinate is to. 

(b) The largest number of tokens b. that can ever accumulate in 



place p. is the largest value taken by the i coordinate over 

A 

Proof: 



A 

all labels in Dj^(Mq). 



(a) By Lemma 3. 2, place p^ is unbounded iff a vector whose i^ 

coordinate is ui (and all other coordinates are zero) is coverable. 
By Theorem 3.2 this is equivalent to saying there exists a label 



th 

whose i coordinate is u). 



(b) Suppose p^ is bounded, and the largest reachable number of 

tokens is b.. Let M be a marking which achieves the bound, 
i. e. the i coordinate of M is equal to b.. By Lemma 3. 7 there 
exists a node a such that L^ «* M. By part (a) above, the i^^ 
coordinate of L^ cannot be to, and hence must equal b.. If some 
node ^ had a label Lo whose i^ coordinate exceeded b., then by 

tK 

Theorem 3.2 some marking whose i coordinate exceeds b. would 

1 

be reachable, contradicting the fact that b. is a bound on the 
number of tokens in p.. Hence b^ must be the largest value of the 



th '^ 

i coordinate of all labels in D-^(M-). 



QED 
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From Lemma 3. 6 and Theorems 3.2 and 3. 3 we can conclude, 
without further proof: 
Theorem 3. 4 ; 

(a) It is decidable whether a given submarking is coverable in a 
given Petri Net with a given initial marking. 

(b) It is decidable whether a given place is bounded in a given 
Petri Net with a given initial marking. 

The following corollary states some consequences of Theorem 
3. 4 which are easy to prove: 
Corollary 3. 1; 

(a) Potential firability is decidable. 

(b) t-deadness is decidable. 

(c) It is decidable whether a given transition can fire arbitrarily 
many times (infinite firabUity). 

(d) It is decidable whether a given place p. will ever receive a 
token. 

Proof : 

(a) Potential firability of transition t at marking M is equivalent to 
the coverability of F(t) in Rj^(M); see the observation following 
Definition 2. 9. 

(b) t-deadness of M is the negation of (a). 

(c) If we attach an extra output place p' to t to count the number of 
firings, we only have to check the boundedness of p». 

(d) This is equivalent to whether the marking whose i^*^ coordinate is 
1 and all other coordinates are zero is coverable. 

QED 
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CHAPTER 4 
REACHABILITY PROBLEMS 

^•1 Reachability of a Given Marking or Submarking 

The decidability of the Reachability Problem is probably the most 
important open problem in the mathematical theory of Petri Nets and 
related formalisms. In the Introduction we saw how it relates to 
similar unsolved problems in other theories. In this chapter we exhibit 
a number of recursively equivalent formulations of the Reachability 
Problem. 

Given a Petri Net N = <n, L. F, B. Mq> with places n = {p^ . . . p^} 
and transitions £ = {t^ ... t^}. these various formulations are: 
The Reachability Problem (RP) ; Given M € IN^ is M € R (M )? 
The Subma rking Reachability Problem (SRP) ; Given P 9 n and 

M/P € (IN u {co]f, does there exist an M' € Rj^(Mq) such that 
M/P » M'? 
The Zero Reachability Proble m (ZRP): Is € R (M )*? 
The Single-Place Zero Reachability Problem (SPZRP) : Given a place 
p € n, does there exist an M € Rjj(Mq) such that M(p) = 0? 
Since RP and SPZRP are instances of SRP and ZRP is an instance 
of RP. it is sufficient to close the circle of reducibilities by showing that 
SRP is reducible to ZRP. and that ZRP is reducible to SPZRP. 
Lemma 4. 1 ; 

SRP is reducible to ZRP. 
Proof ; 

We are given a Petri Net N and a submarking M/P over a subset of 
the places P £ 11. 

Let us add a "run" place p^ to N; p^ contains one token and self- 
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loops on every transition of N. (See Figure 4. 1. ) 

For every place p. 6 11 we add a transition B. which receives a 
single arc from p.. A transition named Bq transfers a token from 
Pq to a new place ff^ which self- loops on every ft, 1 s i s r, and a 
transition B^ removes a token from n , 

For every place pj 6 P we include a new place tr originally 
marked with ]V^p(i) tokens. Each place ff sends a single arc to ft. 

Now the only way the augmented Net can reach the zero marking 
is if all ir^ places are emptied. This requires first reaching some 
marking M' in N. then firing Bq into ir^. At this point, we can empty 
all places in 11 -p since the corresponding ft transitions are not 
further constrained. But for p^ 6 P. 6^ can empty both p. and it. if 
and only if M'{p.) = ivyp(7r.); if either p. or ir^ contains more tokens, 
it cannot be ennptied. 

The last firing is that of 0^, and the zero marking could have been 
reached if and only if M' « IV^p. Therefore, a test for ZRP of the 
augmented Net can decide SRP for Mp in N. 

QED 
Lemma 4.2 ; 

ZRP is reducible to SPZRP. 

Proof: 

We want to check whether the zero marking is reachable in Petri 

Net N. 

Let us add to N a new place ff such that, at all times, ff contains 
as many tokens as there are in all places of N, i. e. at every marking 
M: 

M(ff) = ,£ M(p.) 
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In particular, at the initial marking tt contains L M„(p ) tokens 
r i = 1 '^i 

Let A^. = .E (B(p., t^.) - F{p., t^.)) be the change in the total number 
of tokens in N for one firing of transition t.. We simply connect t 
to ir by a bundle of thickness A. such that: 

Aj i =» F(ir,t^.) = & B(ff,t.) = A. 

A. <0 =* F(tr.t) = -A, & B(ir.t.) = 
•' J J ] 

Then the change to M(ff) is also A . Moreover, if t. is firable at IM 
in N, then it is also firable in N augmented by IT, since M(ff) must 
exceed the sum L F(p., t ), which is greater than F(Tr, t.). 

Now M = iff M(ir) = 0, so that a test for SPZRP of n in the 
augmented Net decides ZRP for N. 

QED 
Figure 4. 2 shows an example of this construction. 

From the obvious reducibilities and the two Lemmas we conclude: 
Theorem 4. 1 ; 

RP, SRP, ZRP and SPZRP are all recursively equivalent to each 
other. 

Figure 4. 3 shows the circle of reducibilities. A thin arrow 
indicates the reducibility of a problem to a more general problem of 
which it is an instance. 

^'^ Reachabili ty of Some Marking in a Given Set of Markings 

In some cases, such as in the investigation of Liveness in the 
next chapter, we would like to test whether at least one marking in a 
given set of markings is reachable. If the set is finite, this involves 
just a finite number of applications of RP. but if the set is infinite, we 
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have to use a different approach. 

We have already encountered Reachability Problems of this kind. 
The SRP asks whether there exists a reachable marking in the set 
{M € in |m « V} of all markings agreeing with the submarking V. The 
Cover ability Problem is a decidable case of this kind, where we ask 
whether the set {M' 6 IN^ |m' ^ M} contains a reachable marking. 

Such sets of markings to be tested for reachability can also be 
viewed as predicates, where P(M) is true of marking M iff M is a member 
of such a set. Thus, the predicate agrees- with- V holds for M iff 
M 6 {m 6 IN^ |m « V}. 
Definition 4. 1 ; 

(a) A set A c ]N^ is said to be RP-solvable iff the problem of 
deciding, for a given Petri Net N with initial marking 

Mq 6 1^, whether there exists a reachable marking in the 
set A is recursively reducible to RP: [? R (Mq) Aj^0] 
is reducible to RP. 

(b) A Predicate P(M) is said to be RP-solvable iff the problem 
of deciding, for a given Petri Net N with initial marking Mq, 
whether there exists a reachable marking which satisfies P 
is recursively reducible to RP: [? SM € Rj^(Mq): P(M)] is 
reducible to RP. 

(c) This problem is called the General Reachability Problem for 
the Petri Net N and the Predicate P, or the set A. 

The General Reachability Problem (GRP) is thus reducible to the 
RP by definition. The question of interest is now to exhibit a large 
class of RP-solvable sets and predicates. 
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Many sets of markings which will be of interest in later chapters 
can be directly proved to be RP- solvable, by showing a suitable 
construction, usually very similar to the construction of Figure 4. 1. 
Examples are the set of markings covered by a given submarking (used 
in the proof of Theorem 5. 1), or the set of markings not exceeding a 
given marking (used in the proof of Theorem 5. 3). 

But we shall use a more general approach and show that, among 
others, all semilinear sets (the two examples above are semilinear) are 
RP- solvable. 
Lemma 4. 3 ; 

Every Reachability Set is RP- solvable. 
Proof ; 

Let Rjj(Mq) c in be the Reachability Set of a given Petri Net N 
with initial marking Mq. We have to show that for every other 
Petri Net of r places, say N' with initial marking M» , we can decide 
whether Rj^,(M'j) H Rjj(Mq) / if we can decide RP or, in this 
proof, ZRP. 

Given copies of the two nets N and N' with their respective initial 
markings, we construct a new net N" as shown in Figure 4. 4 (compare 
Figure 4. 11 ): Each component, N and N', has its "run" place, p_ 
respectively p|j. There is an extra place ft which receives a token 
from transition 9q; this transition removes both "run" tokens. The 
set of transitions a, 1 ^ i s r, matches the markings reached in N and 
N' token by token; it self-loops on place ff. Finally, Q' removes the 
token from IT. It is easy to see that this new net N" can reach the 
zero marking iff some marking can be reached in both N and N', so 



■79- 




Figure 4.4 
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Figure 4. 5 
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that the transitions 9. can let the marking in N exactly cancel the 
marking in N'. ^^^ 

This Lemma involves the Common Marking Problem; Does there 
exist a marking common to two Reachability Sets? 
Corollary 4. 1 ; 

The Common Marking Problem is recursively equivalent to the 
Reachability Problem. 
Proof ; 

Lemma 4. 3 shows reducibility in one direction. For the other 
direction, let one net be a net without transitions. Its Reachability 
Set is then a singleton set, consisting only of the initial marking. 
Then RP is an instance of the Common Marking Problem, 

QED 
Lemma 4. 4 ; 

Every Linear Set in IN^ is a Reachability Set. 
Proof ; 

Recall that a Linear Set A c jsj^ can be defined by a vector 
Vq 6 ]N (the base) and a non-negative r X s matrix B (whose s 
column vectors are the periods) by: 

A = {V € in"* lax € K^ : V = V^ + B • X) 
This also precisely defines the Reachability Set of a Petri Net 
N = <{pj ... p^3, [tj. .... tg], F. B. Vq] > where F is identically 

zero (every transition has zero input places) and each transition t. 

th ^ 

corresponds to a period, viz. the j*^" column of matrix B. 

Figure 4. 5 shows an example. 

QED 
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Lemma 4. 5: 



Proof: 



The finite union of RP- solvable sets (of same dimension) is an 
RP-solvable set. 



Let Aj^, . . . , A be a finite collection of RP-solvable sets (of 



n 

same dimension), and let A = IJ A. be their union. Then the GRP 

i=l 1 

for a given Petri Net N and the set A is decided in the affirmative iff 

for some i, 1 ^ i ^ n, the GRP for the net N and the set A. is decided 

1 

in the affirmative. If A contains a reachable marking M € R„, then 
A must contain that marking. 

QED 
Recall that a semilinear set is the finite union of linear sets. 
Hence: 
Theorem 4.2: 

Every semilinear set is RP-solvable. 



This theorem is especially important because semilinear sets are 
closed under union, intersection and complementation (Theorem 2.9). 
Thus, if we define a semilinear predicate over fJ^ as a predicate whose 
Truth domain is a semilinear set, then every proposition involving semi- 
linear predicates of the same argument is a semilinear predicate of that 
argument, and thus RP-solvable. 

The following corollary lists a number of semilinear sets: 
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Corollary 4. 2; 

The following sets are RP-solvable: 

(a) Given matrices A (t x r), B (t x s), C (t x 1) over Z: 

{V € in'" IgX 6 IN®: A -V + B • X = C] 
( solutions to linear diophantine equations with dummy 
variables) 

(b) Given vectors V. , ... V 6 O^: 

1 n 

{V 6 IN^ I a i, 1 s i s n; V s v.] 

(c) Given a vector W € IN^: 

{V e IN^ I V ^ Wj 
Proof ; 

(a) The solution space to a set of linear diophantine equations with 
dummy variables is semilinear (Theorem 2. 10). See, for 
example, Ginsburg and Spanier [14] or Van Leeuwen [63]. 

(b) This is a finite union of instances of (a), where A = B = I, the 
identity matrix, and C = V.. 

(c) This is the complement of an instance of (a), where A = -B = I 
and C = W. 

QED 

As an exercise, the reader may wish to prove RP-solvability of 
these three sets directly, by adding the appropriate mechanisms to the 
construction of Figure 4. 1. These constructions are much simpler than 
trying to find a semilinear representation of the sets and then using 
Lemmas 4. 3, 4. 4 and 4. 5. 
Remark ; 

Semilinear Sets correspond exactly to Predicates expressible in 
Presburger arithmetic (Ginsburg and Spanier [14]). 
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CHAPTER 5 
LIVENESS AND PERSISTENCE 

5. 1 Liveness 

The decision problems discussed in this section are: 

The Liveness Problem (LP); Given a Petri Net N with an initial 
marking Mq, is N live at M q, i. e. is every transition live at Mq? 

The Sub- Liveness Problem ( SLP ); Given a Petri Net, an initial 
marking Mq, and a transition t of the net, is t live at M q in N ? 

Let us recall that a transition is live at Mq iff no t-dead marking is 
reachable, where a marking M is said to be t-dead iff no firing sequence 
starting at M can ever fire t, or alternatively, if t is not potentially 
firable at M (see Definitions 2. 9, 2. 10 and 2. 11). 

Thus SLP appears to be an instance of the General Reachability 
Problem applied to the set of t-dead markings, if we can show that this 
set is RP- solvable. 

Let D^ be the set of t-dead markings of a given Petri Net: 

D^ = {M € ]N^ 1 t is not potentially firable at M} 

The most important property of this set is its monotonicity (Definition 
2.27): 

Lemma 5. 1 

The set D^ of t-dead markings of a given Petri Net is monotone: 

(M' :s m & M 6 D ) =» M' € D 
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Proof ; 

Suppose M- is not t-dead, i. e. there exists a firing sequence 
starting at M' which fires t. By the containment property (Theorem 
2.1), this firing sequence is also fir able at the larger marking 
M s M'. But this contradicts the assumption of t-deadness of M. 

QED 

From Theorem 2. 11(a) we conclude that D^. being monotone, must be 
semilinear. And if the chain- completion D^ (see Definition 2. 29) is 
effectively recursive, i. e. if. given a Petri Net. we can decide member- 
ship in D^. then D^ is effectively semilinear. 

From Theorem 2. 7 we get the following characterization of the chain- 
completion of D : 

D^ = {V 6 O^ I vM € ]N^: M « V =» M € D } 

If we compare this characterization with the definition of a t-dead sub- 
marking (Definition 2. 21) we conclude that: 

D^ = {V € O^ I V is t-dead} 



Thus, the chain- completion of the set of t-dead markings is simply the 

+ 
of t-dead submarkings. ' All that remains to be proved is: 

Lemma 5.2 : 

It is decidable whether a given submarking V is t-dead. for a 



set 



t In general. Theorem 2. 7 implies that if A is a set of markings having a 
certam property IP. then its chain completion is the set of submarkinls 
havmg the property P' which is the strong extension of propert^ P We 
coverabmty ' ''"''"" '''"'''°" '" C hapte'r ^S, for the pr^opeVof ' 
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given transition t in a given Petri Net N. 

Proof ; 

Let P be the support P(V) of submarking V. i. e. the set of places 
on which it is defined (finite coordinates of V). Then V is t-dead in N 
iff V is t-dead as a marking of the subnet N Indeed, for any firing 

sequence starting at V in the subnet N- we can find a marking M « V 
at which the same firing sequence is flrable (Theorem 2.2(b)) in the 
net N. Thus (V not t-dead in N ) =» (M not t-dead in N) =» (V not 
t-dead in N by definition). And if no firing sequence involving t is 
possible from V in the subnet, then a fortiori no such firing sequence 
is possible in N at any M « V. 

But now Corollary 3. 1 says that the t-deadness of V in N is 
decidable. Hence the t-deadness of V in N is decidable. 



QED 



Now we can assert; 



Theorem 5. 1; 



Liveness (both LP and SLP) is recursively reducible to 
Reachability. 

Proof ; 

LP is a finite number of instances of SLP, one per transition. 

Since the set of t-dead markings D^ is monotone (Lemma 5. 1) and its 
chain- completion, the set of t-dead submarkings D^, is effectively 
recursive (Lemma 5.2), D^ is effectively semilinear, by Theorem 
2.11(b). and hence RP-solvable, by Theorem 4.2. This means that 
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the question of deciding whether some t-dead marking M € D is 
reachable, i. e. the SLP, is recursively reducible to the Reachability 
Problem (Definition 4. 1). 



QED 



We should point out, however, that the reliance on the semilinearity 
of D^ may be considered overkill. The characterization of D given by 
Theorem 2. 8, on which the claim of semilinearity is based, is in terms 
of the finite set D^ of maximal elements of D^. We may call this the 
set of maximal t-dead submarkings; 



°t "" CVj. . . . , Vj^ I 1 s i s k: V. is a maximal element of D^J 

Then we have: D^ = Cm € In'' | M s V^ or . . . or M ^ V^] . Now a 
simple modification of the construction in Figure 4. 1 can be used to 
reduce reachability of some marking M s V. to reachability of zero, and 
thus reduce SLP to k instances of ZRP applied to this construction, once 
for each maximal t-dead submarking V.. 1 s i s: k. We leave the details 
as an exercise for the reader. 

Now we shall prove that the converse reducibility also holds. 

Theorem 5. 2: 



(a) Reachability is recursively reducible to Liveness. 

(b) Reachability and Liveness are recursively equivalent. 



Proof: 



(a) We shall reduce the Single-Place Zero-Reachability Problem 

(SPZRP) to the LP. This is sufficient in view of the equivalence 
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of RP and SPZRP, from Theorem 4. 1. Let N be a Petri Net in 
which we wish to test whether a given place p. can ever become 
empty, for a given initial marking. 

As shown in Figure 5. 1, we construct a new net Nby adding 
to a copy of N the following: 

- a "run" place p^ which self-loops on every transition of N. 

- a transition d^ which may remove the token initially 

present in p^. 

- a transition B^ which transfers a token from the test place 

Pj to a new place ff. 

- a transition ^ which self- loops on it and deposits tokens 

on all places of the net, including p-. and p.. 
The operation of N is as follows. As long as neither e^nor 
^j has fired, it behaves exactly like N. If, at any time, we fire 
9q before having fired Q^, then the whole net Nis frozen dead 
unless pj contains at least one token, which may fire 9 . 

If, at any time whatsoever, we fire Q. , we place a token on ff 
which cannot disappear. Now 9^ is permanently firable, and can 
generate enough tokens to fire any arbitrary firing sequence. It 
follows that any killing sequence for N must end at a marking where 
Pj is unmarked. Conversely, if such a marking is reachable by a 
firing sequence a, then OB^ is a killing sequence. Thus N is live 
iff place pj cannot become unmarked in N. 
(b) This follows from (a) and from Theorem 5. 1. 

QED 
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Figure 5. 1 




Figure 5. 2 
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CoroUary 5. 1 

The LP and the SLP are recursively reducible to each other. 

Proof ; 

The LP is a finite number of instances of SLP, one for each 
transition. On the other hand. SLP is reducible to RP by Theorem 
5. 1, which is in turn reducible to LP by Theorem 5. 2(a). This is 
why Theorem 5.2(b) simply states equivalence between Liveness 
(LP and SLP) and Reachability (RP. SRP. ZRP. SPZRP • • • ). 

QED 

In Hack [20]. we give a direct proof of the reducibility of SLP to LP. 
Essentially, we show that in a Petri Net, any transition can be replaced 
by a construction in which every transition is live by construction, and 
such that this modified Net behaves exactly like the original Net. The 
trick is that some specific patterns of firings of the new transitions have 
an effect on the rest of the Net identical to the firing of the old transition, 
whereas other patterns have a zero effect on the rest of the Net. Then 
we test the liveness of a particular transition t by replacing all other 
transitions by such guaranteed live constructions. The resulting Net 
will be live iff the remaining original transition is live, and thus we test 
the liveness of this transition by testing the liveness of the whole new Net. 
The construction increases the size of the Net by a small linear factor 
(~6). 

An interesting corollary of this is that any non-live Petri Net can be 
simulated in this way by a live Petri Net. 
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Historical Note; 

As early as 1970 (R. C. Holt. [29]). it has been conjectured that 
Liveness was reducible to Reachability. Keller investigated the 
problem in his 1972 report [34] . He observed the decidability of 
potential firability (which he called "pseudo-liveness"). as well as the 
(reverse) monotonicity of the set of markings at which transitions are 
potentially firable, and he guessed (correctly) that this property would 
be useful in reducing liveness to reachability. 

Our breakthrough (in 1973) was the realization that the possibly 
infinite set of t-dead markings (at which t is not potentially firable) 
could be described by a finite number of t-dead submarkings. thus 
reducing the SLP to a finite number of instances of the SRP 
(Hack. [20. 21]). It was from that proof that we subsequently 
abstracted the properties of monotone sets and their chain- completions 
described in section 2. 6. The separation of these lattice-theoretic 
aspects from the Petri Net aspects of the proof, and the introduction 
of the General Reachability Problem, considerably simplified the 
proof. 

The following example illustrates the use of t-dead submarkings. 

When we say that a submarking V is t-dead, we essentially say that the 
potential firability of transition t depends only on the marking of a certain 
subset of the places, namely the support of V. If this submarking is too 
small, then t will never be firable regardless of how large the marking of 
the other places is. 

In the net of Figure 5.2, if p^ is blank, no amount of tokens will make 
tg potentially firable; if p^ is blank, it must receive a token via a firing 
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of t^, to fire tg, and therefore we can see that the only t, -dead markings 
are (l, 0>, <2,0>, and all markings of the form <0, x>, where x € IN. 
But these markings (O, x> are precisely all markings which agree with the 
submarking p. = 0, which we write as <0,Ci)>,and two markings <1, 0> and 
<2, O). As it turns out, neither of the two markings <1, 0> and <2, 0> is 
reachable, since if t^^ does not fire, there will always be more than 4 
tokens in p-, and after tj^ fires, pg will always contain at least one token. 
The submarking <0, (0> is also not reachable since no firing of t. or tg 
changes the parity of the marking in p. . Since M_(p. ) is odd, we cannot 
reach a marking with zero tokens in p.. The conclusion is that t^ is live 
at Mq = <5, 0>. 

5. 2 Persistence 

As in the case of Liveness, there are essentially two decision problems 
to consider: 

The Persistence Problem (PP): Is a given Petri Net with a given 

initial marking persistent? 
The Sub- Persistence Problem (SPP): Is a given transition t 

persistent in a given Petri Net at a given initial marking? 
And since a Net is persistent iff every transition is persistent, it is 
clear that the PP is just a finite number of instances of the SPP, one for 
each transition. 

But in contrast to the previous section, we have not been able to reduce 
the SPP to the PP. This is because persistent Nets have special 
properties which restrict their generality in a significant way, whereas 
live Nets can "simulate" arbitrary Nets as indicated at the end of the 
previous section. In particular, Keller [35] has shown that Liveness is 
decidable for persistent Nets, and we have some evidence that the 
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Reachability Sets of persistent Nets are effectively semilinear* and 
that persistence of a Petri Net is in fact decidable. 

In this section we shall show that the SPP is recursively equivalent 
to the RP. We do in fact conjecture that the HP is decidable (see 
Chapter 11), but our conjecture for the decidability of the PP is totally 
independent of the RP, and is, in our opinion, also closer to being 
settled. 

Let us recall that a transition is persistent in R„(M(,) iff: 

Vt' 7^ t; VM 6 Rj^(Mq): [m ^ F{t) & M ^ F(t') 

=> M 2: F(t) + F(t')J 

This can be rewritten as: 

t not persistent in R^j(Mq) «* SM € Rj^(Mq) H A 
where 

A = n ({M|MsF(t)3 n {M|M^F(t')} n 

{M |m + F(t)+ F(t')}) 

In other words, A is a semilinear set (see corollary 4. 2 and Theorem 2. 9) and 
RP-solvable, by Theorem 4. 3. It follows that t-persistence is reducible 
to the General Reachability Problem: 

Theorem 5» 3 : 

Persistence (both PP and SPP) is recursively reducible to 
Reachability. 



The semilinearity of persistent Reachability Sets has recently been proved by 
feSfi^r*S.trio"«^ °.?®'**^'f in "Properties of Conflict-Free and Persistent Petri 
Nets , TR #264, Computer Science Dept., U. of Wisconsin. Dec. 1975. 
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It should be observed that the related problem of wt^ether a given 
transition can ever disable another transition can similarly be reduced 
to the GRP. , 

Now we shall show that the reverse reducibility also holds for the SPP, 
i. e. persistence of a given transition , 

Theorem 5. 4 ; 

(a) Reachability is recursively reducible to the Persistence of a 
given transition (SPP). 

(b) The SPP is recursively equivalent to the RP. 

Proof ; 

(a) We shall reduce the SPZRP to the SPP. Let N be a Petri Net 
(with its initial marking) in which we wish to test whether a given 
place, say p^^, can ever become unmarked. The construction 
required is quite trivial: We simply add a transition flL which 
self-loops on the place to be tested for zero, i. e. p. . If p is 
initially unmarked, the SPZRP is trivially affirmed. Otherwise, 
0Q is enabled as long as p^ Is marked, and can only be disabled if 
some other transition eventually removes the last token from p^ . 
Then $_ is persistent iff p- cannot become unmarked. 

(b) This follows from (a) and Theorem 5. 3. 

QED 
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CHAPTER 6 
UNDECIDABILITY AND WEAK COMPUTATION 

6.1 The First Undecidability Proofs for Vector Addition 
Systems and Petri Nets 
When Vector Addition Systems were first developed, it was believed 
that all Reachability Sets would be semilinear. Because of the 
connection between semilinear sets and Presburger Arithmetic, a 
decidable first-order theory, most questions about Vector Addition 
Systems and Petri Nets would then be decidable, including the 
Reachability Problem (still open) and the Inclusion Problem (in fact 
undecidable). But in 1967 M. Rabin [56] showed that this is not the case: 
he exhibited a non- semilinear Reachability Set, and showed that the 
problem of deciding whether one Reachability Set is a subset of another 
Reachability Set (the Inclusion Problem) was undecidable, by reducing 
the unsolvable problem of finding the roots of exponential diophantine 
equations to it. In 1970 the corresponding problem for diophantine 
polynomial equations (Hilbert's Tenth Problem) was shown to be 
undecidable, and Rabin presented a new proof of his Theorem in a talk 
at MIT in 1972. Rabin never published his proof, but an account of his 
1972 talk can be found in Baker [ 4 ]. We presented a Petri Net version 
of this proof in Hack [20] and, on the occasion of publishing our proof of 
the undecidability of the Equality Problem for Reachability Sets 
(Hack [23]), we broke Rabin's proof down into several relatively 
independent steps, each of which may be interesting in its own right. 
This is also our approach in this and the following chapter. 
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6-2 Diophantine Polynomials and Hubert's Tenth Problem 
Hubert's Tenth Problem can be stated as follows: 

Given a polynomial of several variables P(x^ ... x ) with integer 

coefficients, does it have an integral root. i. e. does there exist a 

vector <x ... x > 6 z" such that P(x ' . . . x ) = 0"? 
J. II In" 

It is one of 23 mathematical problems that D. Hilbert [26] proposed to 
mathematicians at a congress in 1900. Many of these were subsequently 
solved or proved undecidable, and the Tenth, despite its very simple 
formulation, was one of the toughest. In the U. S. A. . Davis. Putnam and 
Robinson [10] showed that the corresponding problem for exponential 
polynomials (with variables allowed as exponents) was undecidable, and 
that if the integral roots of ordinary polynomials could grow like an 
exponential function of the coefficients Hilbert' s Tenth Problem would 
also be undecidable. In the USSR, number theorists had been aware of 
such properties of the integral roots of polynomials quite early, but only 
inl970 did Yu. Matijas'evi^ [40] bring the two lines of inquiry together 
and thus demonstrated the undecidability of Hilbert' s Tenth Problem . 

For our purposes, we prefer to restrict our attention to the non- 
negative integers. 

Definition 6. 1; 

A diophantine polynomial P(x^ ... x^) is a polynomial of several 
variables with non-negative integer coefficients. 

Definition 6.2 ; 

The graph of a diophantine polynomial P(x, ... x ) is the set- 

J- n 
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G(P) = {<Xj x^,y> €1N^+My ^ P(Xj ... x^)} 

The version of Hubert's Tenth Problem we shall use in our 
undecidability proofs is what we call the Polynomial Graph Inclusion 
Problem (PGIP) ; 

Given two diophantine polynomials P and Q with the same number of 
variables, do we have G(P) E G{Q)? 

Theorem 6. 1 ; 

The Polynomial Graph Inclusion Problem is recursively 
undecidable. 

Proof ; 

We shall reduce the undecidable Hilbert's Tenth Problem to the 
Polynomial Graph Inclusion Problem. 

(a) We can restrict the arguments of the polynomials to the non- 
negative integers. Indeed. P{x^, .... x^) = has a solution in 
Z if and only if one of the 2" polynomials obtained by replacing 
some variables by their negative has a solution in ]N. 

(b) Any root of P(Xj. .... x^) is also a root of P^{x^, ..., x^). and 
vice versa. Hence we can restrict our attention to polynomials 
whose range is in ]N. 

(c) By separating the positive and the negative coefficients of a poly- 
nomial whose range is non-negative, we get two polynomials 
Qj(Xj. .... x^) and Q2^\' "•' ^n^' ^^^^ ^^^^ non-negative 
integer coefficients, such that: 



-97- 

Vxj x^ 6 IN: Q^(Xj, ..., x^) ^ Q^(x^ x^) 

There exists an integral root to the original polynomial if and only if 

=^"^1 ^n ^ IN: Qj(x^, ..., x^) = Q^(k^, .... x^). 

Now let us consider the following two polynomial graphs: 

^^^1^ = ^S v^^ ^ ^"""^ 1 y ^Qi^^i x„)} 

G(Q2 + 1)= {<Xj. ..., x^,y> 6In"+1 ly^l + QgCx^, .... x^)} 
From this it follows that: 

G(Q2 + 1) £ G(Qj) « [Vxj. .... x^. y 6 IN: 

(y ^ QgCXj. .... x^)+ 1 =» y ^ Qj(x^, ..., x^))] 
« ^ Xj, .... Xj^.y 6 IN: 
Qj(x^. . . . , x^) < y s 1 + QgCXj. • • • . x^) 

Combining this with the fact that Q^ never exceeds Q^, this implies: 

G(Q2 + l)cG(Qj) « 2txj x„. y € IN: 

y= l+Qj(Xj x„)= 1 + Q2(xj, .... x„) 

In other words. Hilbert's Tenth Problem is decided in the negative if 
and only if the corresponding PGIP is decided in the affirmative, thus 
proving the undecidability of the PGIP. 

QED 
Remark : 

'^^® Polynomial Graph Equality Problem (PGEP) is clearly 
decidable. because two polynomial graphs are equal iff the two 
diophantine polynomials take the same value for every argument, 
which is possible if and only if the two polynomials are in fact the 
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same polynomial. We have thus a striking example of a family of 
sets where equality is decidable, but inclusion is not. 

It is also not difficult to prove that Hubert's Tenth Problem is not 
only reducible to the PGIP, but is in fact recursively equivalent to it. 

In the next section we shall show that Petri Net Reachability Sets can 
express polynomial graphs. Actual undecidability proofs will be 
presented in Chapters 7 and 10. 

6. 3 Weak Computation by Petri Nets 

In order to relate Hilbert's Tenth Problem to Petri Nets, we must 
show how Petri Nets can compute polynomials, in some sense. Usually, 
an automaton used to compute a function is given its arguments in some 
form, and started in some "initial" state. If and when the automaton 
halts in some "final" state, we can recover the computed value, for 
example by reading the contents of a certain register. Such an 
automaton is usually thought to be deterministic, or at least functional in 
the sense that all halting computations produce the same result. But the 
non-determinism associated with the set of possible firing sequences in 
a Petri Net is essential to the power of Petri Nets. In fact, if we only 
consider Nets whose firing sequences are monogenic ("deterministic" 
Petri Net. where at every reachable marking only one transition is 
firable). then all the problems mentioned so far are decidable (the reach- 
ability sets will be ultimately periodic or finite). 

So. in order to get any non-trivial functions, we have to modify our 
idea of a computation. Following Rabin, we shall say that a non- 
deterministic automaton weakly computes a function f(Xj . . . x^) iff the 
maximum output value over all computations starting with the argument 
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^•1 » • • • » *_ IS I(X. , , , , , X. ), 

i n 1 n 

This definition makes sense only if the range of output values over all 

computations starting with a given argument is finite. There are thus 

two ways in which a weakly computed function may be undefined for a 

given argument: If there are no computations, i. e. no "final" state is 

reachable, or if there are computations which produce arbitrarily large 

output values for a given argument. 

In this chapter we shall make the fumher assumption that every 
reachable state is a "final" state, so that every execution sequence 
(including the empty one) is a computation sequence, and every prefix of 
a computation sequence is also a computation sequence. We may call 
this the prefix interpretation . 

There are several ways in which a Weak Computer can be represented 
in a Petri Net. The coding of the inputs is usually straightforward: A 
certain number of places, say p^ . . . p , are designated as "input" 
places of the net, and the initial marking is predetermined in the 
remaining places p^^^ ... p^. The initial marking of the input places is 
the argument <Xj, . . . , x^>. Every firing sequence starting from the 
initial marking is considered a computation. 

The output of a Petri Net Weak Computer can be defined in several 
useful ways. In Rabin's proof (as translated into Petri Nets) and in 
Hack [20], the output was defined as the largest marking reached in a 
designated "output place". In Hack [23] it was found more convenient to 
use a distinguished "count" transition whose largest number of firings 
was defined as output. Now we wish to use the length of the longest 
firing sequence as output, in effect declaring every transition to be a 
"count" transition. The main reason is that this definition permits the 
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same construction to be used in proofs about Reachability Sets 
(Chapter 7) and in proofs about Petri Net Languages (Chapter 10). 
Since every transition firing counts, there is no "invisible scratchwork" 
in such a Weak Computer. 

The class of functions weakly computable by Petri Nets may depend 
on the output convention. It is easy to see that the "output place" and 
the single "count transition" conventions are equivalent, and that every 
function weakly computable in the firing sequence length sense is also 
weakly computable in the "output place" sense (just add a new place 
which gets one token from every transition firing). It is not known 
whether every function weakly computable in the "output place" sense is 
also weakly computable in the "firing sequence length" sense. Because 
of this, we shall call a Weak Computer in the "firing sequence length" 
sense a X-free Weak Computer. This terminology is borrowed from 
Petri Net Language theory, where a X-transition is an "invisible" or 
"internal" transition whose firings do not explicitly show up in the output 
of the net. 

We shall thus define a Petri Net Weak Computer in the X-free prefix 
interpretation . Because of the containment property (Theorem 2. 1) of 
Petri Nets, any computation with a given argument can also be carried 
out with any larger argument. This means that only non-decreasing 
functions (in every variable) can be weakly computed by a Petri Net 
under this interpretation. 
Note ; 

In the remainder of this thesis, we shall interpret Petri Net Weak 

Computer as X-free prefix Petri Net Weak Computer. 
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Definition 6.3 ; 

^ Petri Net Weak Computer (in the X-free prefix interpretation) 
for a (non- decreasing) function f = Dm" -♦ IN of n variables 

^1 • * • ^n *^ ^ Petri Net with r s: n places and the followirig 
properties: 

(a) The initial marking M^ agrees with a fixed submarking 

^0^''Pn+l' • • * * Pr^ °^ ^^^ non-input places, and encodes the 
argument in the input places by Mq/{p . . . , p } = 

^■1 » • • • » ^n * 

(b) For every initial marking as described in (a), there exists a 

longest firing sequence of length f(x, , . . . , x ). 

1 n 

Note that there may also exist firing sequences of length shorter than 
f(Xj, . . . , x^) which nevertheless cannot be continued. 

Now we are going to show that diophantine polynomials are weakly 
computable by Petri Nets in the sense of Definition 6. 3 (and hence also 
by the less restrictive earlier definitions of Petri Net weak computability). 
A polynomial P(Xj ... x^) is a finite sum of monomials: 

P(xj . . . x^) = ,1 (M.(x^ . . . x^)) 

where each monomial is of the form: 

M (X ... X ) = a. 'Tiix.^'h 
J ^ " 3 1=1 ^ 

The a . are positive integer coefficients and the p. . are non-negative 
integer exponents. We shall first show how to compute monomials, and 
then how to add them together. 

The basic "circuit element" will be the elementary multiplier . 
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illustrated in Figure 6. 1. 




Figure 6. 1 



This net consists of two control places ff and IT, exactly one of which 
may contain a token initially in IT. Two transitions a and a' transfer the 
token between tr and tp and each time transfer one token from place p, 
which initially contains x tokens, to place p' (initially unmarked). Two 
transitions b and b', which self- loop on IT and TT respectively, shuttle 
tokens between places q and q'; originally, q contains y tokens. It is 
easy to see that a and a' can together fire only x times, and between a 
and a', or a' and a, either b or b' can fire at most y times; the longest 
firing sequence achieves these upper bounds and fires a total of x times 
in {a, a'} and a total of x . y times in {b, b'} for a maximal firing sequence 
length of X • (y + 1); this leaves x tokens in place p'. 

As used in the construction which follows, places p and q may be 
initially unmarked, but will receive up to x and y tokens respectively. 
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The maximal firing sequence is then achieved by waiting until all tokens 
have arrived; if firing starts before, it can only diminish the achievable 
sequence length, never increase it. Since we are only interested in the 
longest firing sequence, it will not be necessary to impose a certain 
sequencing on the various elementary multipliers, because the described 
sequencing will be maximal. 

Lemma 6. 1 ; 

For each i 6 IN"^, there exists a Petri Net S^ with the following 
properties: 

(a) It is a X-free Weak Computer (Definition 6. 3) for the 
polynomial (x^ + iHx^ + 1) • • • (x. + 1) - 1, with input places 
Pi • • • Pj« 

(b) It also has i "output" places p^ . . . p^, initially unmarked, 
into which the tokens from the corresponding "input" places 
Pi • • • Pj are transferred during the computation, i. e. each 
time a token is removed from p., l s j s i, a token is 
deposited in pi. 

J 

Proof ; 

We first note that such a net has the property that after a maximal 
firing sequence, the argument initially in p, ... p. is now in p' ... p!. 
The proof is by induction. 
basis ; 

The net S^ consists of places p^, p^ and transition a^ which simply 
transfers tokens from p^ to pj^ (Figure 6. 2a). For an initial marking 
of Xj tokens in p^ ( and zero in pp the longest firing sequence is 
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clearly of length (x. + 1) - l. 
Inductive Step ; 

We are given the net S.. We construct S.^^ by adding the 
"elementary multiplier" of Figure 6. 1 with places and transitions 
indexed i + 1. Then we let every transition of S. (i. e. transition a 
and, for all j, 2 s j «i, transitions a., a'., b. and b'.) deposit one token 

J J J J 

in place q^^j (Figure 6.2b). 

It is easy to see that the longest firing sequence is obtained by 
first firing a maximal firing sequence in S.. This puts the largest 
number of tokens y into q^^^, and accounts for the first y firings, 
where y = (x^ + iXxg + 1) • • . (x. + 1) - l. it also copies x ... x. 
into places p^ ... p|. Then the "elementary multiplier" fires its 
maximal sequence, of length x.^j(y + l), and transfers x.^^ to p!^ 
The total length is thus x.^^Cy + 1) + y = (x.^^ + l)(y + 1) - l = 
(x^ + iXxg + 1) . . . (x. + iXx.^j + 1) - 1. 

QED 

Lemma 6. 2 ; 

For every diophantine monomial, there exists a Petri Net Weak 
Computer for it which also copies its argument into "output" 
places, as in Lemma 6. 1. 



Proof ; 

Such a Weak Computer for monomial a • x, • x„^ • • • x "is 

12 n 

obt?^ined from Petri Net S.. i = 1 + /3^ + ^g + • . . + iS^ by simple 
modifications as illustrated for the example 3 • x^ • y, where the net 
S4 (Figure 6. 3a) is transformed as shown in Figure 6. 3b. 
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(a) Place p^ is marked with a-1, in this case 2 tokens. 

(b) Repeated multiplication of one variable (exponentiation) is 
achieved by identifying the "output" place of one level (in the 
inductive construction of S.) with the "input" place of the next 
level. In this case, pg is the x input; pg and p' are the same 
place, initially unmarked, used for multiplying again by x, and 
p^ is now the output associated with x. 

(c) We add a "run" place which self-loops on every transition in S., 
and a "start" transition which puts a token into the "run" place 
and removes a token from every p place used as an input for a 
monomial variable (in this case, pg for x and p . for y). The 
"start" transition also adds one token to every monomial "output" 
place (in this case, p^ for x and p^ for y). to restore the correct 
argument at the end of a maximal sequence. 

This construction functions as follows. Recall from the proof of 
Lemma 6. 1 that the maximal firing sequence is obtained by first 
consuming tokens from p^. then from p^, etc. The length of the maximal 
firing sequence of S^ is thus (x^ + l)(x^ + iKxg + l)(x^ + 1) - 1. where 
Xj is the marking of p. prior to the firing of level- j transitions in S 
Thus Xj = 2. Since nothing can fire until "start" has fired (which, 
incidentally, implies x -y ?^ 0). we have x^ = x-1 and x^ = y-1. The value 
of Xg is also Xg = Xg = x-1 because, in the maximal firing sequence, 
level 3 starts firing only after level 2 has transferred all tokens from p_ 
to p^. which is the same place as p^. By counting the "start" firing, we 
get a maximum total of (2+l)(x-l+l)(x-l+l)(y-l+l) -1 + 1. or 3 • x^ • y, 
as desired. At the end of such a maximal sequence, the argument <x, y> 
has been copied into the "output" places p' and p' . 

QED 
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Lemma 6. 3: 



Every diophantine polynomial can be weakly computed by a Petri 
Net for all positive arguments in the sense of Definition 6. 3. 

Proof ; 

We construct a X-free Petri Net Weak Computer for the polynomial 
by concatenating the Petri Nets corresponding to its monomials, in 

some summing order, as shown in Figure 6. 4 for the example 

2 
3.x.y+2.y.z + x.z + 2. We identify the output places of one 

monomial computer with the corresponding input places of the next 

monomial computer. We also let the "start" transition of each 

monomial computer (except the first) remove the token from the 

preceding "run" place. This enforces the summing sequence and 

makes the operation easier to follow, although it is not essential. It 

will be useful in later applications, however. Finally, we allow for 

some extra firings to account for the constant term . The 

maximum firing sequence requires that each monomial Net be 

maximally fired; this makes a full copy of the argument available for 

the next monomial Net, if the argument was positive. 

QED 

The reason we restrict the argument to be positive is that, for a given 
summing order, certain zero arguments can prevent the transmission of 
some positive variables to non-zero monomials later in the sum. This 
happens in the example above if x (or y) is zero and y (or x) and z are 
positive. For <x, y, z) = <0. 1. l> there should be a firing sequence of 
length 4 when, in fact, only the constant can fire (length 2). But this can 



109- 



3x"y 



2yz 



X z 




("begin") 



(constant evaluation) 



optional 



Figure 6.4 



-110- 



input 1_ 



input T 




constant evaluation 



Mj + Mg + Mg 



first "start" 
transition 



Mg + M^ + Mg 



Mg + M2 + M 



Figure 6. 5 



-Ill- 
be avoided, as we show in: 

Theorem 6.2: 



Every diophantine polynomial can be computed by a Petri Net 
Weak Computer (for all non-negative arguments). 

Proof : 

For every subset of zero- valued variables there is at least one 
way of summing the monomials of a polynomial by the construction 
used in the proof of Lemma 6. 3. ' So we simply permit several 
possible orderings of the monomials. For every such ordering, we 
construct a Petri Net as described for Lemma 6. 3, for the non- 
constant monomials. We add a "begin" place which initially 
contains one token, and which is an input place to the first "start" 
transition of every component fixed-order- summation net. All input 
places are shared, i. e. we identify input places corresponding to the 
same variable; these are the input places of the new net. The 
"begin" place enforces that exactly one summation order takes place. 
Finally, there is a transition for evaluating the constant term (see 
Figure 6. 5. j. 

Now. for every non-negative argument, there is at least one 
component whose maximal firing sequence combined with that of the 
constant evaluation is of length P(x^ . . . x^), and no component has a 
longer maximal sequence. Since only one component can fire, the 
construction achieves the desired objective. 

QED 

*) For example, by adding those monomials which would be zero last. 
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In the next chapter we shall see how such a Weak Computer can be 
used to generate polynomial graphs as the projection of Reachability 
Sets, and in Chapter 10 it will be used to encode polynomial graphs as 
Petri Net Languages. In both cases, this forms the basis of the various 
undecidability proofs. 

Remark ; 

Many different constructions are possible for weakly computing 
polynomials. All are more or less awkward if they have to be fully 
general. For a given polynomial it is often possible to "customize" 
the construction and end up with a smaller and more elegant Petri Net. 
It should be pointed out that the complexity of the construction 
presented here is due to the more restricted "firing sequence length" 
interpretation of weak computation by Petri Nets. Even though it is 
orders of magnitude more efficient than the construction proposed in 
Hack [24] for Petri Net languages, it is still of "size" K • N^ in terms 
of the "size" of the polynomial, whereas a construction using the 
"output place" interpretation of weak computation would be of "size" 
K • N, for a reasonable definition of the notion of the "size" of nets 
and polynomials, such as total number of arcs in a net and sum of all 
exponents in a polynomial. 
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CHAPTER 7 
INCLUSION AND EQUALITY PROBLEMS FOR REACHABILITY SETS 

7.1 The Decidability Problems 

In this chapter we investigate the problem of comparing the 
Reachability Sets of two Petri Nets A and B, each with a given initial 
marking. If A and B have the same number of places, and if these 
places are indexed 1 . . . r in both nets, we can compare their Reach- 
ability Sets R(A) and R(B) directly. Given such A and B: 

The Inclusion Problem (IP) is the question of whether R(A) c R(b). 
The Equality Problem (EP) is the question of whether R(A) = R(B). 

Sometimes we are only interested in comparing the Reachability Sets 
restricted to a certain subnet in each Petri Net. In this case we must 
have two subnets of the same number of places, as well as a bisection 
between these two subsets of places, in order to be able to compare sub- 
markings; the nets themselves need not have the same number of places. 
Without loss of generality, we shall assume that the subnets consist of 
the first n places of two given Petri Nets A and B. Now we compare the 
projections of the Reachability Sets on the first n coordinates: 

Definition 7. 1 ; 

The projection on the first n coordinates of a set W c in^^ where 

r ^n, is the smallest set P (W) c JN*^ such that W c p (W) X 

n — — n 



Thus each vector in Pjj(W) consists of the first n coordinates of some 
vector in W. The X in the definition represents the cartesian product. 
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We also use Xto denote the "concatenation" of two vectors: if V € In"^ 
and V 6 IN , then V x V denotes the vector in K which is the 
element of the singleton set {v) x {V'3 c T^^. Thus, every vector in W 
is the "concatenation" of a vector in the projection P (W) and some 
arbitrary vector of r-n coordinates. 

Let A and B, be two Petri Nets with their initial marking, such that 
they both have at least n places (but not necessarily the same number): 
The Subspace Inclusion Problem ( SIP ) is the question of whether 

P^(R(A)) c P^(R(B)). 
The Subspace Ecpiality Problem ( SEP ) is the question of whether 
P^(R(A)) = P^(R(B)). 
In the next sections we shall show that these four problems (IP, EP, 
SIP and SEP) are all undecidable, because the PGIP, which is undecidable 
by Theorem 6. 1, can be reduced to them. Figure 7. 1 shows the various 
reducibilities; thin arcs are the trivial reducibilities of a special case to 
a general case. 

7.2 The Subspace Inclusion Problem (SIP) 

Now we shall use the fact that Petri Nets can weakly compute 
polynomials. 

Lemma 7. 1 : 

Given a polynomial Q(x^, . . . , x^) with non-negative integer 
coefficients, there exists a Petri Net A such that the projection of 
its reachability set on the first n + 1 coordinates is the graph of 
Q: P^^j(R(A)) = G(Q). 
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Proof ; 

Let B be a Petri Net Computer for polynomial Q, as described in 
Chapter 6, with a "begin" place as used in Theorem 6,2. If B has r 
places, let us index them from n+3 through r+n+2 such that 
p o • • • Pp ,9 are the "input" places for variables x. ... x , and 
that Poji+Q is the "begin" place. The initial marking of B's places is 
as constructed in Chapter 6, except that the "begin" place and all 
"input" places are initially unmarked. Thus no transition in B can 
fire until the "begin" place receives a token. 

To construct Petri Net A, we take this copy of B and add n+2 places 
p. . . . P_.2 ^"^^ "^^ transitions ^g • • • ^ ^^®® Figure 7.2). Place 
p 2 ^^ initially marked with one token; places p- . . . p ^ are 
initially unmarked. Transition f),. transfers a token from p „ to the 
"begin" place of B, p^ _. Each transition 9., 1 ^ i s n, selfloops on 
Pn+2 ^'^^' ^^ ®^*^^ firing, deposits a token into place p. and into the 
i input place of B, p , g ■ •• Finally, place p . receives one arc 
from every transition in B, and thus collects a number of tokens equal 
to the length of a firing sequence in B. 

But before any transition in B can fire, 9q must fire, and before 

that only the 9., 1 ^ i ^ n, could fire. Suppose each 9., 1 ^ i ^ n, fires 

X times before flU fires. Then places p. ... p are marked with the 

argument <Xj . . . x > with which B starts to compute, and generates 

anywhere between zero and Q(x, . . . x ) tokens in p ^.. Thus: 

1 n ^n+l 



P^^j(R(A)) = G(Q). 



QED 



From this follows: 
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Theorem 7. 1 ; 

The PGIP is recursively reducible to the Subspace Inclusion 
Problem (SIP). 

Proof ; 

Given two polynomials with non-negative integer coefficients we 
construct two Petri Nets whose projected Reachability Sets are the 
graphs of the respective polynomials as indicated by Lemma 7. 1. 
Then a test for the SIP will also decide the corresponding PGIP. 

QED 

Corollary 7. 1 ; 

The SIP is undecidable. 

Proof ; 

This follows from the undecidability of the PGIP (Theorem 6. 1) and 
the reducibility of the PGIP to the SIP (Theorem 7. 1). 

QED 

Remark ; 

We could easily prove now that the SEP is also undecidable. 

Indeed, projected Reachability Sets are closed under union; If A and 

B are two Petri Nets, each with at least n places, then there exists 

a Petri Net C such that P (R(C)) = P„(R(A)) U P (R(B)). Such a net 

n n n 

C can be constructed by adding a "run" place to A and another "run" 
place to B, both initially unmarked, a new "begin" place initially 
marked with one token, and two transitions which transfer the "begin" 
token to one or the other "run" place. Finally, we identify the n first 
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places of A and B and let them be the n first places of the new net C. 

Now we can use the fact that P (R(A)) c p (R(B)) =» P (R(A)) n 

n — n n ^ 

Pjj(R(B)) = P^(R(B)) to reduce the SIP to the SEP. thus proving the 
undecidability of the SEP. 

The undecidability of the SEP will of course follow directly from 
our proof of the undecidability of the EP in section 7. 4. 

7.3 The Inclusion Problem (IP) 

Now we shall show how we can modify Petri Nets of r places to 
"forget" the marking in r-n "uninteresting" places and thus reduce the 
SIP to a comparison of complete Reachability Sets, the IP. 

Theorem 7.2; 

The SIP is recursively reducible to the IP. 

Proof ; 

Suppose we are given two Petri Nets of r and r' places, 
respectively, and we wish to test, for the twp projections on the first 
r coordinates of the respective Reachability Sets, whether one is a 
subset of the other. 

First, we note that we can always add Ir - r' | places to the smaller 
net (without renumbering the original places) to get two nets with the 
same number of places, say r. If we don't connect these new places 
to any transitions, we will not change the Reachability Set as far as 
the old places are concerned, and thus the problem is reduced to the 
following: 

Given two Petri Nets A and B of r, r ^ n. places each, is 
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P^(R(A)) c p^(R(B))? 



We shall modify both nets by adding two new places p and p 
to each net, and we shall modify the Reachability Sets in such a way as 
to make the inclusion depend only on the first n coordinates. 

Specifically, the modifications are shown in Figure 7. 3. Petri Net 
A' differs from A only in the two additional places, which are 
permanently marked <0, 1>. Therefore we have: 

R(A') = R(A) X {<0,1>} 

Petri Net B' is obtained from B by similarly adding two new places 
Pr+1 ^"^ Pr+2' ^*^i°^ ^^® initially marked <1, 0>. But B' also contains 
several new transitions: a transition Bq which carries a token from 
^r+l ^° Pr+2' ^^^' ^°^ ^^^^ "uninteresting" place p., n+1 s i s r, two 
transitions 9. and 9.'. 9. removes a token from p. and 9.' deposits a 
token in p., and both 9. and 9! self- loop on Pj.^,' finally, place p 

self-loops on every transition of B. Thus p , plays the role of a 

r+i ^ '' 

"run" place for the "old" transitions and p^^ plays the role of a "nm" 
place for the "new" transitions. 

As long as 9q has not transferred the token from p to p_. o' ^' 
behaves like B. But after 9q has fired, the "old" transitions are 
frozen. Since no other transitions involve the "interesting" places 
Pj • • • Pn» *6 marking of these places will not change anymore. But 
the "new" transitions 9., 9.' (for n+1 si Sr) can now be used to generate 
any arbitrary marking in the "uninteresting" places p ^. . . . p , thus 
effectively "erasing" the information contained in these places. It 
follows that: 

R(B') = R(B) X {<1,0>3 U Pj^(R(B)) x JN^"*^ x {<0.1>} 
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Recall that R(A' ) = R(A) x [ <0, 1 > 3 . 

Thus: 

R(A') c R(B') « R(A) g P (R(B)) X W 

n 



r-n 



Since, by definition (Definition 7. 1), P^(R(A)) is the smallest set such 

that R(A) E Pj^(R(A)) x ]N^"" this is equivalent to P (R(A)) £ 

P^(R(B)). Hence: 

R(A') c R(B-) « P„(R(A)) c P^(R(B)) 

n n 

Since we constructed an instance of the IP from the proposed SIP, 

we conclude that the SIP is reducible to the IP. 

QED 

Corollary 7.2 : 

The IP is undecidable. 
This is Rabin' s result, which he first obtained for Vector Addition 
Systems. As mentioned in Chapter 6, our proof is largely based on his 
original proof (1967) as modified in 1972. 

7.4 The Equality Problem (EP) 

The first mention of Rabin's Theorem, in Karp and Miller [33], was 
unfortunately misleading: Rabin was quoted as having shown the 
undecidability of the Equality Problem (for Vector Addition Systems). 
When we found out (at Rabin's talk at MIT in 1972 [56]) that the Equality 
Problem was still open, we became interested in this and other decida- 
bility questions. But it was not until October 1974 that the search was 
successful. 

The difficulty lies in the fact that Reachability Sets are not known to be 
closed under union, as opposed to projected Reachability Sets, as 
mentioned in section 7.2. We got around this difficulty by controlling the 
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non-projected coordinates in such a way as to make the equality of the 
Reachability Sets depend only on the projected Reachability Sets. 

Theorem 7.3; 

The Inclusion Problem is reducible to the Equality Problem. 

Proof ; 

Suppose we are given two r-place Petri nets A and B. We wish to 
test whether R(A) £ R(B). We shall construct from A and B two 
Petri Nets D and E such that; 

R(A) c R(B) « R(D) = R(E) 
Both nets D and E will be constructed from a common net C which, in 
a sense, encodes the union R(A) U R(B). and we shall use the fact 
that: 

R(A) c R(B) « R(B) = R(A) u R(B) 
Petri Net C is constructed as follows: First, we identify the places 
of A with the corresponding places of B. This produces the first r 
places of C. Then we add a "run" place p^^^ for the transition of A 
and a Second "run" place p^^g ^o^ ^e transitions of B. Places 
^1 • • • Pr+2 "mentioned so far are initially unmarked. Finally we add 
a "start" place p^^g, initially marked with one token, and two 
transitions B^ and G^ (see Figure 7. 4). 

Transition e^ transfers the "start" token from p^^, to p , and also 
deposits the initial marking of A into p^ . . . p^. Similarly, transition 
Q2 transfers the "start" token from p^^g to p^^g ^"^ deposits the 
initial marking of B into p^ . . . p^. Thus, depending on whether 9^ or 
83 fires first, C will simulate either A or B, and we have; 
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Figure 7. 4 
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R(C) = <0>^ X <D, 0, 1> U 
R(A) X <1, 0,0> U 
R(B) X (O.l.O) 

Now we can construct Petri Nets D and E as illustrated in 
Figure 7.5. D is obtained from C by adding transition 6L, whicli 
removes the token from p_, o* This can happen only if the first 
firing was 6L and C was in fact simulating B. A firing of 9, thus 
produces only new markings of the form R(B) X <D, 0, 0>, and we have: 

R(D) = R(C) U R(B) X <0, 0, 0> 

Petri Net E is obtained from D by also adding another transition, 
9-, which can remove a token from p ,1 • 84 can only fire if C was 
simulating A, and thus the only new markings are of the form 
R(A) X <0, 0, 0>. Hence: 

R(E) = R(D) U R(A) X <0, 0.0> 

= R(C) U (R(A) U R(B)) X <0. 0, 0> 

Since no marking in R(C) ends in (O, 0, 0>, we conclude that: 

R(D) = R(E) « R(A) c R(B) 

QED 

The combined result of Theorems 7. 1 • • • 7.3 and the trivial 
reducibilities is: 

Theorem 7. 4; 

The EP, IP, SIP and SEP are all recursively equivalent to each 
other, and are all undecidable. 



-125- 



E -T 




R(A) C R(B) « R(D) - R(E) 



Figure 7. 5 



•126- 



In fact, we have proved a much stronger result, since the instance of 
the EP used in Theorem 7. 3 is quite singular: The two Petri Nets 
Whose Reachability Sets we compare differ only by the presence or 



absence of a single transition 9 • 

4 

Thus we may state: 
Theorem 7. 5: 



It is undeoidable whether the removal of a particular transition 
in a Petri Net changes the Reachability Set or not. 

We should point out. however, that this result is not as drastic as i, 
might seem: even though the set of reachable markings may not change, 
its connectivity , as determined by which marking is reachable from 
Which other marking by which firing sequence, is usually ,uite changed. 
Bu, we Shall see that a similar question for Petri Ne, Languages is also 
undecidable (Chapter 10). 
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CHAPTER 8 
PETRI NET LANGUAGES: DEFINITIONS AND PROPERTIES 

8. 1 Labelled Petri Nets 

Until now, we have mainly been interested in those properties that are 
directly related to the reachable markings of the net. In effect, for a 
given Petri Net N with an initial marking M-, we have been studying the 
properties of the Reachability Set R (Mq). 

In many cases, however, it is the properties of the sets of firing 
sequences Sj^(Mq) or T^(Mq, M^) that are of interest. For example, if 
the Petri Net describes an asynchronous system, the various event 
occurrences in the system are represented by transition firings, and we 
may be interested in which sequences are possible from a given initial 
state. This involves a study of the set of firing sequences S„(Mq). 
Sometimes' we would like to know which sequences can lead from the 
initial state to a given final state, represented by a final marking M-. 
In this case we must look at the set of terminal firing sequences 
Tj^(Mq.Mj). 

In order to relate the various transitions to the events whose 
occurrence their firing represents, we attach labels to the transitions. 
If t is a transition, then its label A(t) represents the event whose 
occurrence (in the system) is modelled by a firing of t (in the Petri Net). 
Now, if each transition received a distinct label, the labelling would add 
nothing new. The advantage of using a labelling function lies in the fact 
that we can model a single event by several transitions, and thus 
represent the case of an event which may occur under different circum- 
stances, even if the corresponding markings are incomparable. 

The labelling function also permits us to distinguish between "visible" 



-128- 

and "invisible" transitions, for example in the description of the input- 
output behaviour of a system, where "internal" events are to be ignored. 
Just as we use submarkings to distinguish between "interesting" and 
"uninteresting" places when we study Reachability Sets, we use the 
notion of X -transitions to represent the "invisible" transitions. Their 
label is the "empty" label X, which is another way of saying that they are 
unlabelled. 

Definition 8. 1 ; 

A Labelled Petri Net A = <N, « , A> over an alphabet a is a Petri 
Net N = <n. L, F, B, Mq> together with a labelling function 
A: S -*(X. If A is total, the labelled net is said to be x-free ; if 
A is partial, those transitions which have no label in <X are 
called X-transitions. 

Definition 8.2 ; 

The label sequence A (a) corresponding to a firing sequence 

* 
<7 € L is defined recursively as follows: 

A(X) = X 

A(fft) = if t is labelled then A (g) . A(t) 

else A(cr) 

Thus. X-transitions in firing sequences transform as if their label was 
the empty string X. 

Now that the labelling function A has been defined for strings 
(A: L -* CC), \re can extend it to sets of strings in the natural way. In 
particular, we use the following notation; 
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Let A be the labelled Petri Net <N, CZ, A > : 

S^(Mq) = {x 6 O? I 3a 6 S^iM^h x = A(a)] 
T^(MQ.Mp = {x eOLlaa eTj^(MQ.Mp: x = A(cr)} 
The set S^(Mq) is called the prefix language of the labelled Petri Net 
A (for initial marking Mq). The set T^(Mq. M^) is called the 
terminal language of A (for initial and final markings M^ and M.). 

Definition 8.3 ; 

(a) X is the class of all prefix languages generated by X-free 
labelled Petri Nets. 

(b) X_ is the class of all prefix languages generated by 
unrestricted labelled Petri Nets. 

(c) JC-q is the class of X-free terminal languages generated by 
X-free labelled Petri Nets. 

(d) JC-Q is the class of terminal languages generated by 
unrestricted labelled Petri Nets. 

Remark ; 

^Q-Languages (part (c) of the above definition) are required to be 
X-free (i. e. they contain no words of length zero) to ensure the 
closure under union of the class Jlf q. Thus T^(Mq. M^) is in ^^ only if 
M^ 7^ Mq. The restriction is not as severe as it seems; For every 
language T^(M,M) (called a cyclic language) there exist A', M' and 
M- such that T^(M. M ) = {x3 U T^,(M^, M') and M", ^ M^ . For a 

further discussion of this point refer to Hack [24]. 

Figure 8. 1 summarizes Definition 8. 3. It is clear from the definition 
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8.2 Standard Form 

For many proofs and constructions it is useful to impose certain 
constraints on the Petri Nets used to generate a given language. We are 
of course mainly interested in constraints which do not restrict the class 
of languages that can be generated. If a certain set of constraints is 
particularly useful, it makes sense to define a Standard Form for 
language- generating Petri Nets: 

Definition 8. 4; 

A Labelled Petri Net A is said to be in Standard Form iff it 
satisfies the following constraints: 

(a) The initial marking Mq is standard and consists of exactly 
one token in a designated "start" place, and zero tokens in 
all other places. Since Mq is understood, we shall use S^ 
instead of S^(M-) for the prefix language of A. 

(b) For defining the terminal language of A, the final marking is 
standard, and is the zero marking: M. = 0. We shall use 
T^ instead of T^(Mq, 0) if Mq is the standard initial marking. 

(c) No transition is firable at the zero marking, i. e. every 
transition has at least one input place. 

The following Standard Form Theorem asserts that these constraints 
do not change the classes of Petri Net Languages that can be generated by 
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nets in Standard Form: 

Theorem 8. 1 ; 

For every Labelled Petri Net A with initial and final markings 
Mq and M„, there exists a Labelled Petri Net B which is in 
standard form, and which generates the same language as A; 

Sa^Mq) = Sg 

T^(Mq, Mj) = Tg (assuming M^ ^ Mq) 



Proof: 



Let A = <N. a , A> and N = <n. L, F, B. Mq>. with H = {p^ . . . p } 
and E = [t^ . . . t^}. 

Let us also assume that every transition t 6 L has at least one 
input place in 11. This can always be guaranteed by including a "run" 
place which self-loops on every transition in E, and which contains 
one token at all markings, including M_ and M.. Such a "run" place 
does not change the firability or the result of a firing of any transition, 
and hence does not affect any firing sequences. 

We shall transform N into a new net N' by adding a new place - the 
"start" place p^ - and a number of transitions. The standard initial 
marking M^j consists of one token in the "start" place p^ and zero 
tokens in all other places (11). 
(a) To satisfy condition (a) of the Standard Form, we add, for each 

transition t^ which could fire in N at Mq (i. e. for which M^. ^F{t.)), 
i a new transition t| whose only input is the "start" place p„, and 
whose output places are such that the marking resulting from a 
firing of t| at the standard initial marking is the same as that 
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resulting from a firing fo t. at M^: 

B(t!) = Mq - F(t.) + B(t.) 
The label of t! is the same as that of t.. It is now easy to see 
that every label sequence A(0") of A, corresponding to firing 
sequence a € Sj,(Mq), is also generated by the firing sequence 
J' 6 Sj^,(M' ) which differs from a only in the first firing where 
some t, has been replaced by t!. Conversely, every firing 
sequence of N' must stam with a firing of some t'., since all 
tj-transitions are disabled at M' : no place in 11 is marked at MJ.. 

(b) To satisfy condition (b) of the Standard Form, we add, for each 
transition t. which could fire last in a terminal firing sequence of 
N (i. e. such that M^ ^ B(t.)), a new transition t'.', labelled like t., 
and such that B(tp = and F(tp = M^ - B(tj) + F(t.). This impUes 
that tV is firable only if t. is firable (by construction, FCt'.) ^ F(t.)), 
and that a firing of t'' reaches the zero marking iff a firing of t. 
reaches M« Thus no new label sequences are obtained, and 
every terminal firing sequence ff of N can be replaced by a 
terminal firing sequence cr« of N' by priming the first firing of o 
(replacing t. by tl) and by double-priming the last firing a - 
provided the length of cr is at least 2. Since M. ?^ Mq by 
assumption, the only remaining case is a terminal sequence of 
length one, i. e. transitions t. such that MQ[t.>M-. For such a 

t, we add tl" labelled like t. whose sole input place is the "start" 
place Pq, and which has no output places: M' [t!">0, 

(c) Since all new transitions have input places if all old transitions 
have input places (as assumed), condition (c) of the Standard 
Form is also satisfied. 
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Mq = < 1, 1, 1> 



Mj= <2, 1, 1> 




"start 



"stop" 



"singleton" 



Figure 8. 2 



-135- 

The new Labelled Petri Net B consists of the /modified net N', and 
its labelling function is tlie extension of A which assigns to each new 
transition (t^ or tV or t!") the label of the old transition (t.) to which it 
is due. B is in Standard Form by construction, and has the same 
prefix and terminal language as A. 

QED 

Figure 8. 2 shows a Labelled Petri Net A and the corresponding net 
in Standard Form obtained by the construction above, B. For a more 
detailed discussion of Standard Form Labelled Petri Nets, refer to 
Hack [24]. 

8. 3 The Relationship Between Prefix and Terminal 
Petri Net Languages 

It is not difficult to add X- transitions to a Labelled Petri Net such that 
the zero marking becomes reachable from every marking, without 
changing the prefix language generated by the net. For example, if we 
have a "run" place which self-loops on all "old" transitions of the net, 
we may add to every place a X-transition which can remove any or all 
tokens, and a "clear" place which self-loops on all these new X-transitions. 
The "run" token can be transferred by a X-transition to the "clear" place 
and later absorbed by another X-transition. Now the "old" transitions 
can be frozen after any firing sequence, after which the zero marking 
can be reached via X-firings exclusively. 

In fact, the sequencing control of the "run" and "clear" places is not 
needed. The new X-transitions may be fired at any time to reduce the 
marking of the net. This does not change the set of label sequences that 
can be generated, because, by the containment property (Theorem 2.1). 
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any firing sequence possible at the smaller marking can also be fired at 
the larger marking. 

We have just shown that jtr E ^n' ®"^ ^^® same principle of being 
able to reach arbitrarily small markings by the same label sequences as 
in the original net can also be carried out without introducing new 
X-transitions. 

Theorem 8.2 ; 

For every Labelled Petri Net A there exists a Labelled Petri Net 
B whose Prefix and Terminal Languages are equal, up to X. to 
each other and to the Prefix Language of A, and such that B is 
X-free if A is X-free: 

Tg(MQ, 0) = S^(Mq) - {X] = Sg(MQ) - {x3 (if A is X-free) 
Tg(MQ,0) = S^(Mq) = Sg(MQ) (if x-transitions are 

allowed) 

Proof: ' 

The Labelled Petri Net B is obtained from A by adding new 
transitions. No new places are added, and the initial marking is 
unchanged. The terminal marking for B will be the zero marking. 

Let L = {tj^ . . . tg] be the set of transitions of A (the "old" 
transitions) and let A be the labelling function. Each t. 6 E is 
replaced by the set of transitions {©? |F(ig3) = F(t.) & B(9?) ^B(t.) 
& A (9^) = A(t.)}. Here, j is simply an extra index to distinguish 
between the various "new" transitions corresponding to a given "old" 
transition, and one 9^, say is an exact copy of t.. The "new" 



*) This proof is based on an idea of J. L. Peterson [25], 
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transitions are firable at the same markings as the "old" transitions, 
but they may "lose" any or all the tokens they wotild deposit. If 
we now consider an arbitrary firing sequence of the "new" transitions, 
say Mp[a'>M', then the corresponding firing sequence O of "old" 
transitions - obtained by replacing each sj-firlng by a t.-firing - is 
also firable and leads to a larger marking: MQ|iCT>M & M ^ M'. 
Conversely, if we are given an "old" firing sequence ff such that 
MQ[a>M. we may replace it by a "new" firing sequence where, at each 
step, we choose the "smallest" ej capable of being followed by the 
rest of the firing sequence. The last firing will then reach the zero 
marking. Thus no new label sequences are added, and any non-empty 
firing sequence can be replaced by a zero-reaching firing sequence 
which generates the same label sequence. 

QED 



Corollary 8. 1 ; 



Cl-{x3 |l 6:t3 e j!„ 



Figure 8. 3 illustrates the construction of the proof of Theorem 8.2. 

^•* Closure of Petri Net Languages under Union and Intersection 

The closure properties of Petri Net Languages are discussed in detail 
in Hack [24]. For the purpose of studying the Decidability Questions of 
Petri Net Languages (Chapters 9 and 10). we only need closure under 
Union and Intersection. 
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A: 





Figure 8. 3 



-139- 

Theorem 8. 3 

Given two Labelled Petri Nets A and B, there exists a Labelled 
Petri Net C which is X-free if both A and B are X-free, and 
whose language is the union of that of A and that of B: 

TC = ^A ^ Tg 

Proof ; 

To establish the closure oi£, jLq, i3f\ £q under union it is 
advantageous to use Labelled Petri Nets in Standard Form. 

We recall that a net in Standard Form has a "start" place, which is 
the only place marked initially, and a standard final marking, the zero 
marking. Suppose we are given two nets A and B, generating S - and 
S„, respectively, as prefix label sequences {J^, £r) or T . and T„ as 
terminal label sequences (^-., Jf «). We then construct a new net C 
by juxtaposing the two nets A and B, and by identifying the two "start" 
places; the resulting net has thus one "start" place and may have two 
"run" places. We note that if A and B are X-free, then so is C. An 
example is shown in Figure 8.4. 

The resulting net can easily be seen to satisfy the Standard Form 
conditions, and its label sequences are either those of A or those of B, 
depending on the first transition firing. The same applies to terminal 
sequences, since one portion of the net (corresponding to the language 
not simulated) retains its zero initial marking, and reaching the zero 
marking is thus the same as reaching the zero marking in the "active" 
portion of the net alone. 

QED 
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A: 




'start 



"first 



"singleton" 



"stop" 



B: 




"start" "first" 



"stop" 




Figure 8. 4 
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Corollary 8.2 ; 



X -^X 



The language families J^, Xn, *C , ^^ are closed under union 



Theorem 8. 4; 

Given two Labelled Petri Nets A and B over the sarae alphabet, 
there exists a Labelled Petri Net C which is X-free if both A and 
B are X-free, and whose language is the intersection of that of A 
and that of B: 

Proof ; 

Suppose we are given two Labelled Petri Nets A and B. Let us 
first consider the case of J^- languages. We shall construct a 
Labelled Petri Net C such that its firing sequences correspond 
precisely to label sequences common to A and B. As a first step, 
we shall combine A and B in a way which forces them to generate the 
same strings. To do this, we juxtapose A and B (each with its initial 
marking). We add a new place ff_ and, for each symbol a € ^(the 
alphabet Ct is common to A and B), a new place ff . Initially, ff. has 
one token, all other ff-places are blank. 

As shown in Figure 8.5, we connect ff_ as an input to each labelled 
t € E. , and as an output to each labelled t € Lg, For each symbol 
a € (^ we connect it as an output to each a- labelled t ^ L. , and as an 
input to each a-labelled t € L^. X-transitions in S. or ZL are not 
connected to the iT-places. 

This arrangement enforces a strict alternation between labelled 
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Flgure 8.5 
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firings in A and B; X -firings are not restricted. Each labelled 
firing in A is furthermore necessarily followed by a similarly 
labelled firing in B. In a sense, the ff-places "remember" which 
symbol was last generated in A and enforce the repetition of this 
symbol in B before returning a token to ff As a result, the even- 
length label sequences of C are precisely those obtained by repeating 
twice each symbol from a label sequence that could be generated by 
both A and B. If we now remove the labels from all transitions in 
E^, we will in effect erase the first symbol in each such repetition. 

Our construction for the intersection of two JC^ -languages consists 
thus of a Labelled Petri Net C, as described above, where all 
transitions in S^ have become X-transitions. Then we have 

In the case of two Jlf^- languages, both nets A and B are to reach a 
final marking. Let the final marking of the net C, constructed as 
above, be the juxtaposition of the two final markings, and one token in 
^Q and zero tokens in the other ir -places. Then it is clear that: 

This proves the theorem for £.^ and jf ^, 

The situation is more complicated in the case of ^f^ and Jl^- languages. 
If the original nets A and B don't have X- transitions, the net C resulting 
from the previous construction will have X-transitions, namely all the 
L^ -transitions. However, each X-firing will be immediately followed 
by a labelled firing. We will show how to combine these two firings 
into a single labelled firing. 

Figure 8. 6 shows the portion of the Labelled Petri Net C of 

Figure 8. 5 that is connected to ff , 

a 
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Figure 8. 6 




equivalent firing: 

■ t ' 



"t.t. •• 



"trt. " 



■5 7 



"t t " 



"t t " 



Figure 8. 7 
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We see that any a-labelled firing (tg or t^) is always preceded by a 
firing of tg or t^. There are four (2X2) possible combinations: 
^5^6' V?' ^1^6' ^1^7* ^^^^ generating the symbol a. Thus, we can 
eliminate the X-transitions by replacing tg, tj/tg, t^ with four new 
a-labelled transitions which have the same effect as the combined 
firings tgtg, tgt^ • . • ; this eliminates place ff . 

This reduction can be applied to all other JT-places, except ff^ 
which remains as a marked self-loop on all new (combined) transitions, 
like a "run" place. 

Figure 8. 7 shows the result of eliminating place V from the 
partial net of Figure 8. 6. 

This construction shows that, if both A and Bare X-free, we can 
transform C into a X-free Labelled Petri Net whose £ or ;f -language 
is the intersection of the corresponding languages for A and B. 

QED 

From this we may conclude: 

Corollary 8. 3 : 

The families J^, Zq, X^, £^ are closed under intersection. 
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CHAPTER 9 
PETRI NET LANGUAGES: MEMBERSHIP AND EMPTINESS PROBLEMS 

9. 1 Membership Problems 

The membership problem is the question of deciding whether a given 
string can be generated by a given Labelled Petri Net. In the case of 
X-free nets, the problem is trivial: Each label sequence can be 
generated by only a finite number of firing sequences, all easily obtained 
from the given label sequence. And it is clearly decidable whether a 
given firing sequence can be fired from the initial marking, and whether 
it reaches the final marking; just try to fire itl Thus: 

Theorem 9. 1 : 

The membership problem for Jf-- languages and for J? -languages 
is decidable. 

In Hack [24] we show that ^- and Jf^- languages are effectively context- 
sensitive. This of course also implies the decidability of membership. 

The case of t- -languages is more interesting, because a given label 
sequence may correspond to infinitely many different firing sequences. 
But this case is also decidable. 

Theorem 9.2: 

The membership problem for,i^^-languages is decidable. 

Proof : 

We shall reduce this problem to the coverability problem 
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(Chapter 3). Suppose we wish to decide whether a string, say "abac", 
is in the t^ -language of some labelled Petri Net A. Let us construct 
a Petri Net B which spells out the string "abac", as shown in 
Figure 9. 1; it is a trivial Finite-State Machine. Place p^ will 
receive a token if and only if the string "abac" is actually fired. 

Now let us perform the intersection construction of Section 8. 4 for 
the two nets A and B, as is indicated schematically in Figure 9. 2. 

Now the test place pg of B may eventually receive a token if and 
only if abac € S^. But it is decidable whether p^ may ever get a 
token, by Corollary 3. 1(d). Hence membership in S^ is decidable. 

QED 

The construction used in the preceding proof can also be used to test 
for membership in the ;f ^-language of a Labelled Petri Net such as A. 
But, in this case, the test string "abac" is in T^ only if it is possible to 
reach the final marking of A while getting a token into the test place p-. 
In other words, we must test whether this combined final marking is 
reachable in the net of Figure 9. 2: This is the Reachability Problem. 

As it turns out, the Reachability Problem is also reducible to the 
membership problem for ^^-languages: 

Theorem 9. 3; 

The membership problem for ^^-languages is recursively 
equivalent to the Reachability Problem. 

Proof ; 

The reduction of the membership problem to the Reachability 
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Figure 9. 1 
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Figure 9. 3 
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Problem was illustrated above by means of the same construction as 
in the previous proof. 

To prove the reverse reducibility, we will show that J^^-languages 
can suitably encode Reachability Sets. 

Let A be a GPN with places p. ... p whose Reachability Set is to 

be encoded. Let B be the labelled GPN obtained by leaving all of A's 

transitions unlabelled (X-transitions) and by adding a "run" place ff. 

which self- loops on every transition in A, a set of n places w ... ir , 

a set of new X-transitions fl, ... 9 , a set of n labelled transitions with 

1 n 

labels a^^ . . . a , and a "stop" X-transition. See Figure 9. 3. 

The initial marking M« consists of the initial marking Mq of A for 

the old places p- . . . p , one token in ir_ and zero tokens in ff- . . . it . 

The new X-transitions 9. transfer a token from it. loir.; "stop" 

removes a token from n . Each a. -transition self- loops on it. and 

n 1 '^ 1 

removes one token from p.. 

While iTq has its token, A fires as it did before being modified, and 
reaches some marking M € Ra(Mq) before 8- fires. Now the only way 

to reach the zero marking in the modified net B is to fire the firing 

„ M(pi) „ M(p9) M(pn) „ 

sequence Q^a^ '^^ fi^ag '^-s . . . g^a *^" "stop". Therefore, the 

J^Q-language of B encodes the reachability set of A as follows: 

T^CMI,. 0) = {a^l ^? • • • <" I <^' . . . . x^> 6 R^CMq)} 
We may now use this encoding to test whether a marking is reach- 



able in A: We test whether the corresponding string is in T— . 



QED 



9.2 Emptiness Problems and Finiteness Problems 

The Emptiness Problem asks whether the language generated by a 
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given Labelled Petri Net is the empty set, i. e. whether the net generates 
any strings at all. 

This question is moot for prefix languages {it and jC^), since these 
always contain at least the empty string. And if we ask whether the 
prefix language contains strings other than \, it is sufficient to ask 
whether it contains strings of length one, which is simply a finite number 
of instances of the decidable membership problem for prefix languages. 

In the case of terminal languages {^^ and ;Sq), we ask whether the set 
of terminal strings T^(Mq,Mj) is empty for a given Labelled Petri Net 
A = <N,a,A>. But this is precisely the Reachability Problem for Petri 
Net N, because, regardless of the labelling A and the alphabet CC, we 
have: 

Thus: 

Theorem 9. 4; 

The emptiness problem for terminal Petri Net Languages 

{£.Q and;^^) is recursively equivalent to the Reachability Problem. 

Finally, let us mention the Finiteness Problem, where we ask whether 
a given Labelled Petri Net can generate infinitely many distinct label 
sequences. » 

For prefix languages we have: 

Theorem 9. 5; 

Finiteness is decidable for prefix Petri Net Languages (^ and^^). 



-151- 

Proof ; 

Let A be a Labelled Petri Net. Then S . is infinite iff it contains 

arbitrarily long label sequences. Let us add to the Petri Net a 

"count" place which receives a token from every labelled transition. 

This place is bounded iff the prefix language is finite. But 

boundedness is decidable (Theorem 3.4(b)). 

QED 

So far, not much is known about the finiteness of terminal languages. 
But we have: 

Theorem 9.6: 



The Reachability Problem is recursively reducible to the 
Finiteness Problem for terminal Petri Net Languages (.S^q and i^^). 

Proof ; 

In the light of Theorem 9. 4 it is sufficient to reduce the Emptiness 
Problem for terminal languages to the corresponding Finiteness 
Problem. 

Let A be a Labelled Petri Net in Standard Form. Add to it a 

labelled transition which self-loops on the "start" place. This does 

not affect the reachability of the final (zero) marking, but if a terminal 

label sequence exists, then arbitrarily long terminal sequences can be 

obtained by first firing the new transition arbitrarily often: The 

language of the modified net is infinite iff the language of the given net 

is non-empty. 

QED 
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Summary of the results of this chapter (the abbreviations speak foi 
themselves): 

^ <^ decidable 

^ J! decidable 



Note: 



^ ^Q decidable 

^ ^Q equivalent to RP 



i^ trivial 

Z^ trivial 

cJ^Q equivalent to RP 

X-Q equivalent to RP 

" ti^ decidable 

° ^^ decidable 

" o^Q RP reducible to it 

" c^Q RP reducible to it 



The results of Chapters 8 and 9 pertaining to the class^g have 
been obtained independently by Peterson [52] in 1973, 
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CHAPTER 10 
PETRI NET LANGUAGES: EQUIVALENCE AND INCLUSION PROBLEMS 

10* 1 Petri Net Languages can Encode Polynomial Graphs 

We recall that the graph of a diophantine polynomial (non- negative 

integer coefficients) P(x, ... x ) is the set: 

1 n 

G(P) = «Xi x^,y> eiN"-^! |y^P(Xj ... x^)] 

In Chapter 7 we showed that Petri Nets could encode polynomial 
graphs in terms of projected Reachability Sets. In this section we show 
how to encode polynomial graphs by means of ;^-languages. 

A natural way to encode sets of vectors over the integers into 
languages is to use the Parikh mappiner ; 

Definition 10.1 ; 

(a) The Parikh mapping for an alphabet d = {a .... a 3 is a 
function #: CI "♦ IN*^ such that # (w) is a vector whose i^^ 
coordinate expresses the number of occurrences of symbol 
a^ in string w. 

(b) The Parikh mapping is extended to languages in the natural 
manner: 

L E of : # (L) = [V 6 in" I 3w e L: V = # (w)} 

Now we shall prove that polynomial graphs can be encoded as the 
image under the Parikh mapping of an /.-type Petri Net Language. The 
coding is chosen such that there is exactly one language which encodes a 
given polynomial graph. Each vector in the polynomial graph corres- 
ponds to a set of strings, and the language is the disjoint union of these 
sets of strings. 
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Theorem 10. 1; 

For every diophantine polynomial P there exists a X-free 
Labelled Petri Net A such that the Jt -language of A encodes the 
graph of P via the Parikh mapping as follows: 

S^ is the largest subset of the regular language 

(a^ + ag . . . + a^) (a^^^) such that 

#(S^) = GKP) 

Proof ; 

Let B be a Petri Net Weak Computer (A.-free and prefix) for the 
polynomial P, as described in Theorem 6. 2. We construct the 

Labelled Petri Net A by adding transitions fl, . . . , one for each 

1 n 

"input" place of B. Each transition 9. self-loops on the "begin" place 

and deposits tokens into the i^*^ "input" place, corresponding to 

variable x.. All transitions of B (the "old" transitions) are labelled 

^n+1' ^'^^ ®^°^ "new" transition 9. is labelled a.. Thus all 

transitions of A are labelled, and A is X-free. (See Figure 10. 1. ) 

The initial marking of A is the standard initial marking for B (as 

constructed in Chapter 6), with one token in the "begin" place and 

zero tokens in the n "input" places. One property of Petri Net B is 

that none of its transitions (the "old" transitions, labelled a ) can 

n+1 

fire until one of them has removed the token from the "begin" place, 
and that once this token has been removed, the "begin" place cannot 
become marked again. This means that all firings of the "new" 
transitions 9. must precede all firings of the "old" transitions. Thus 
^A - f^^l + ag + • • • + a^) (a^^^j)*}, and the only restriction is that 
the number of firings in B be no more than the value of the polynomial 
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all "old" transitions are 

labelled a 

nfl 



Figure 10. 1 
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P for the argument generated by the preceding 9 -firings: S . is 
indeed the largest language satisfying the sequencing requirement 
above such that # (S . ) = G(P) 

QED 

Remark ; 

(a) The construction is not essentially different from that used in 
section 7.2 for projected Reachability Sets. 

(b) Since every prefix language is also a terminal language (up to X), 
we can also encode polynomial graphs as ^^q, ^^ or Jlt^-languages. 
except that this encoding leaves out the zero vector in the case of 

10.2 Undecidable Equivalence Problems 

In this section we shall establish the undecidability of various 
Inclusion and Equivalence Problems by reducing the undecidable 
Polynomial Graph Inclusion Problem (PGIP) to them. The undecidability 
of the PGIP was established in Theorem 6. 1. 

Theorem 10.2 ; 

The Equivalence and Inclusion Problems for Petri Net Languages 
Ql, ^q, Z and ,J^q) are undecidable. 

Proof ; 

(a) The Inclusion Problem for j^-languages is undecidable: Let P 
and Q be two arbitrary diophantine polynomials, and ask whether 
G(P) E G(Q) (The PGIP). Theorem 10.1 asserts the existence 
of two X-free Labelled Petri Nets A and B such that; 
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#(S^) = G(P) 

# (Sg) = G(Q) 

Both S^ and S^ are the largest subset of the regular language 

(Hj + . . . + a^) (a^^j) satisfying the polynomial constraints 

above. 

Therefore G(P) c G(Q) « S^ c s^. and the PGIP can be 
reduced to the Inclusion Problem for i^C -languages (IPJL). 
(h) By Theorem 8. 2 there exist X-free Labelled Petri Nets A' and B- 
whose terminal C^.^-) language is the same as the ;^ -language of 
A and B, up to the empty string X. Since the zero vector #(x) 
is always in both G(P) and G(Q). we also have; 

G(P) E G(Q) « T^, c Tg, 
Therefore the Inclusion Problem for i^Q- languages is also 
undecidable. 

(c) Since it. ^ :t^ and .^f^ c jP^, the Inclusion Problem is undecidable 
for all Petri Net Languages U, £^, ^^ and,5e^-languages). 

(d) Since all four families tf . i^^. £>■ and 4) are effectively closed 
under union (Theorem 8. 3 and Corollary 8.2). the undecidability 



of inclusion implies the undecidability of equivalence for ^C. it , 

QED 



X.^and^^. 



Now we shall investigate to what degree the language generated by a 
Petri Net depends on the structure of the net. We shall see that the 
generated language is quite sensitive to minor changes in the structure of 
the net. Indeed, it is undecidable in general whether such small changes 
in the net also induce a change in the language. This recalls a similar 
situation for Reachability Sets (Theorem 7. 5). 
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Theorem 10. 3; 

It is undecidable whether the addition or removal of a given 
transition changes the language (prefix or terminal) of the net. 

Proof ; 

Consider the Labelled Petri Net C of Figure 10.2. It contains two 
components A and B which are assumed to be in standard form, with 
respective "start" places p^ and pg. These places are connected to 
a new "start C" place pg by transitions t^ and x^. both labelled c, 
where c is a new symbol not in the alphabet of A or B. The initial 
marking of C consists of just one token in its "start" place, p,. 
We have: 

S^ = CXJ U c . (S^ U Sg) 
T^ = c . (T^ U Tg) 

Let C be obtained from C by removing tg. Now B cannot be started, 
and we have: 

s^., = CxJ U c . S^ 



Hence: 



^C = ^C " Sg c S^ 

In other words, the inclusion problem for the languages of A and B can 
be reduced to the equality problem for the languages of C and C. 
which differ only in the presence of transition t«. 

QED 

Corollary 10. 1 : 

It is undecidable whether any of the following changes affects the 
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C or C: 





"start A" 



• '"start C" (C is the same as C, but without t„) 



\ P 




"start B" 



D: 



Figure 10.2 



^3 \^start D" ^ 
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language generated by a Labelled Petri Net: 

(a) changing the initial marking by one token 

(b) (for i^Q, )£.Q ): changing the final marking by one token 

(c) removing a place 

(d) removing or changing the size of an arc 

(e) removing or changing a label on a transition 

Proof ; 

AH these cases can be transformed into the removal or addition of a 
transition, as in Theorem 10. 3. We leave the details of the 
construction to the reader as an instructive exercise. (Cases (a) 
and (c) are discussed in Hack [24]. ) 

Finally, we recall that every prefix language can be generated by a 
net whose prefix and terminal languages (up to X in the case of £-.) are 
the same. But in general, for a given Petri-Net, we cannot determine 
whether the prefix and the terminal language of the net are the same 
(up to X in the case of ^n): 

Theorem 10. 4; 

It is undecidable whether every non-empty prefix label sequence 
of a Labelled Petri Net is also a terminal label sequence of the 
same Net. , 

Proof ; 

Consider the Labelled Petri Net D of Figure 10. 3. It is obtained 
from C (in Figure 10.2) by adding an output place p. (initially 
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unmarked) to x^ ^nd a third transition t„, also labelled c, which 
simply may remove the "start" token from p„, the "start D" place. 

Without loss of generality (Theorems 8. 1 and 8.2) we choose A 
such that S^ = T^ U (x) . 
We have: 

Sj^ = {X} U c U c . (S^ U Sg) 
Since X ^ S., we can rewrite this as: 

Sj3 - {X3 = c . (S^ U Sg) 
Let the final marking of D be the zero marking. Because of p.. no 
terminal sequence can fire t„. Thus: 

Tj3 = c U c T^ = c. (T^ u {\3) 
Because of our choice of A this is also: 

In other words: 

Tq = Sj3 - {X3 « Sg e S^ 

and the undecidability follows from the undecidability of the inclusion 

problem for Jl^- languages. 

QED 

10.3 The Equivalence Problem for Sets of Firing Sequences 

The sets of firing sequences S^(Mq) or terminal firing sequences 
Tj^CMq, M^) can of course be regarded as Petri Net Languages of type ;6 
and £q respectively, by considering the Petri Net N to be a Labelled 
Petri Net where the alphabet is the set of transitions, and each transition 
is its own label. In Hack [24] we call such Labelled Petri Nets, where 
all transitions have distinct labels. Free- Labelled Petri Nets , and their 
languages, the Free Petri Net Languages , of type ^^ (prefix) or J^^ 
(terminal). 
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The Equivalence Problem for Sets of Firing Sequences is the problem 
of deciding, given two Petri Nets N and N' and a bijective correspondence 
between their transitions (for purposes of comparing firing sequences), 
whether Sj^(Mq) = Sj^,(MJj) or Tj^CMq. M^) = Tj^.CM-j. Mp. In terms of 
Petri Net Languages, it is the Equivalence Problem for Free Petri Net 
Languages (of type £. or Xq)- We also have the corresponding Inclusion 
Problems. We shall show that the Inclusion Problems for Sets of Firing 
Sequences are reducible to the Reachability Problem. If it turns out 
that this is decidable, then this will imply that Free Petri Net Languages 
are essentially less powerful than Petri Net Languages in general. (It is 
already known that some particular Jlf^-languages are not Free. ) 

Theorem 10. 5 ; 

The Inclusion and Equivalence Problems for the Sets of all Firing 
Sequences {tor £, -languages) are reducible to the Reachability 
Problem. 

Proof ; 

It is sufficient to reduce the Inclusion Problem to a problem 
equivalent to the Reachability Problem, such as the Sub-Liveness 
Problem (SLP) for a given transition. 

Let two Petri Nets A and B be given, each with its initial marking, 
and let their sets of transitions be Ctf . . . t^J and {t? . . . t^} . For 
the bijective pairing t. ** tf . we ask whether S. c s„. 

We connect the two nets together in a new net C, as shown in 
Figure 10. 4. The construction is based on that for the intersection of 
two language's (Figure 8. 5): there is a control place ff (initially 
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Figure 10. 4 
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marked with one token) and "symbol-remembering" places n., one for 
each pair of corresponding transitions t^. t?. If all it.. 1 s i s n, are 
empty, then the firing sequence fired so far in A has been exactly 
echoed by B. 

The token in ff^ can also be transferred to place JT" via transition 
y. and permanently enable the test transition 9. which self-loops on 



71". 



It appears that the only markings of the new net C at which 9 is not 
potentially firable are markings with a token in some ir.. 1 s i s n, at 
which the corresponding transition t? is not firable. Such a marking 
is reachable if and only if there exists a firing sequence a in A. 
ending in t. . which cannot be echoed completely by B: a 6 S - S , 
and S^ i Sg. 

Thus 9 is live iff S^ c S^. and the inclusion problem for A and B 
can be reduced to the SLP for 9 in C. 

QED 

The inclusion problem for terminal firing sequences i^^) will also be 
shown to be reducible to the Reachability Problem. But in this case, 
the RP is also reducible to the equivalence problem: the RP for 
Mf € Rj^(Mq) is the equivalence problem T^iM^, M^) = ^. because it is 
trivial to find a Petri Net N- such that T^^, = ^. We have: 

Theorem 10. 6: 

The Inclusion and Equivalence Problems for Sets of Terminal 
Firing Sequences are recursively equivalent to the Reachability 
Problem. 
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Proof ; 

We just mentioned the reducibility of the RP to the inclusion and 
equivalence problem. To show the reducibility of the inclusion (and 
thus also equivalence) problem to the RP. we reduce it to the SLP for 
a given transition d, as in the preceding proof. 

Let two Petri Nets A and B be given, with their initial markings, 
and let their final markings be M^{A) and M^(B). respectively. We 
construct a new net C as shown in Figure 10. 5. It contains the 
construction of Figure 10. 4, plus the following: 

- a place in which records the presence of a token in some 
"symbol-remembering" place ff., 1 :s i s n. 

- for each component (A or B. indicated by subscript), a 
mechanism for testing whether the corresponding final marking 
M^(A) or M^(B) has been reached. This consists of a transition 
e^ which removes exactly M^(A) from the places of A, a place 
ir^ which gets a token from 9^. and a set of transitions a, one 
per place of A, which can remove a token from ff . only if the 
corresponding place of A still contains a token. A place fft 
initially with one token, prevents S^ from firing more than 
once. If A has reached a marking M(A) = M^(A), then a firing 
of 9^ is possible and it disables all a -transitions. 

- The final-marking detectors are interconnected as follows: 

9^ removes a token from n". 

The a -transitions return this token to if'. 

Bq removes a token from IT. . 

The ^-transitions return this token to ff. . 

- Finally, a transition y' removes a token from each of rr, ir and 



•166- 



TTg and drops a token in ff", whereas transition y" transfers a 
token directly from ff to ff". 
This construction works as follows. We start by firing only transi- 
tions in A, echoed in B. If at any time we fire y instead of some t^ 

i ' 
we get a token stuck in w". and B cannot cease to be firable- rr is 

■ A 
empty, and 9^ is disabled. 

If we fire y, we have previously completed and echoed some firing 
sequence a 6 S^ H S^, reaching markings M(A) and M(B) in A 
respectively B. 

The token now in W may be stuck there if M(A) 4 M^(A). because 
then 9^ is not firable. Hence a ^ T^ and 9 cannot cease to be firable. 
If. however, M(A) ^ Mj(A). we fire 9^. The token can escape from 
ff^ if some a is firable (M(A) > M^(A)) or if B^ is firable 
(M(B) 2 Mj(B)). If neither is firable, then M(A) = M^(A) and 
M(B) i Mj(B), i. e. a 6 T^ - T^. The token is stuck in ir^ and 9 is 
not potentially firable: 9 was not live at the initial marking. 

If we did leave n^ by firing some a, the token returns to ff" and 
is now stuck there, because 9^ has already fired (ff^ is empty), and 
9 is permanently firable. 

If we did leave n^ by firing B^, we have M(B) ^ Mj(B). The token 
cannot get stuck in n^ because via y" it can return to tr" and get stuck 
there, with 9 permanently firable. But if some ,3 is firable 
(implying M(B) > M^(B). i. e. a ^ T^), the token may return to n^. 
Since 93 has already fired, the token is stuck in n^ unless some a 
is firable and returns the token to ff" where it must stay. Again, the 

token is stuck in IT. only if M(A) = M.(A), i. e. (7 € T - T 

I A B* 

This description exhausts all possible firing sequences, and is 




Figure 10. 5 
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Echot? 



Fire y' 



A and B have their respective initial marking. 
Places tTq, ir^ and ff^ have one token each. 




Fire a in A 
and. echo it in B, 
reaching M(A) in A 
and M(B) in B. 



7 



I 



Fire y 



Token stuck in rt. 
M(A) = M^(A) 
M(B) ^ Mj(B) 

^ ^ ^A - Tb 

9 is not potentially 

fir able. 



Token stuck in ff" 

because 

M(A) Ji Mj(A) 

6 is permanently 
firable. 



1 



Fire 9 
M(A) >■ Mf(A) 



Token stuck in tr" 
because tt^p^ empty 

9 is permanently 




Fire a.- 
M(A)> Mf(A) 



Fire 9g: 
M{B) i M^(B) 



Fire y" 



firable. 




n 



Fire /3: 
M(B) > Mj(B) 



Fire a.- 
M(A)> M^(A) 



Token stuck in ir . 
M(A) = Mj(A) 
M(B) > Mj(B) 

a€ T^-Tg 

9 is not potentially 
firable. 



Figure l_0^ 
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summarized in Figure 10. 6. It appears that a Q-dead marking 
(where B is not potentially firable) can be reached if and only if 



a e T^ - T^: Transition 9 is live in the new net iff T . ^ T 



Summary of the decidability results of this chapter: 



B' 



QED 



EP£. ^Q. <^\ t^ 



undecidable 



IPX , EPX (firing sequences): 



reducible to RP 



IP<5^Q, EP^Q (terminal firing sequences): equivalent to RP 
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CHAPTER 11 
CONCLUSION: OPEN QUESTIONS AND CONJECTURES 

11. 1 Is Reachability Decidable? 

The decidability questions considered in this thesis fall into three 
classes: decidable problems, problems equivalent (or reducible) to the 
Reachability Problem, and undecidable problems. One might call these 
the three Petri Net "degrees of unsolvability". The decidability of the 
Reachability Problem is of course the major open problem in this area. 
Its resolution will not only settle most questions considered in this thesis, 
it will have repercussions in several fields outside of Petri Net theory, 
because of the connections mentioned in Chapter 1. 

Problems equivalent to the Reachability Problem typically involve the 
existence of a firing sequence satisfying certain effectively testable 
conditions, such as reaching a given marking (RP) or some t-dead 
marking (LP). Now, we can enumerate firing sequences of increasing 
length and check whether they satisfy the required conditions. The 
question iS: How long do we have to search before we may convince 
ourselves that no such firing sequence exists? In other words, is it 
possible to put a bound on the length of the shortest firing sequence 
satisfying the conditions, if such a sequence exists? We would expect 
such a bound to depend on the size of the Petri Net and of its initial 
marking. 

It is not difficult to construct a sequence of Petri Nets N. (i = 1, 2, . . . ) 
of size k • i (measured by the total number of arcs, i. e. the sum 
L (F(p, t) + B(p, t)) over all places and transitions) and with initial 
markings of x tokens, such that the shortest firing sequence reaching the 
zero marking is of length proportional to x •2^. In fact, a recent 
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construction by Lipton [39] can be adapted to Petri Nets to generate a 
sequence of nets N. such that the shortest zero- reaching sequence is of 
length proportional to x • 2 . This very rapid growth suggests that the 
Reachability Problem, if decidable, may still be quite complex. Indeed, 
a direct consequence of Lipton' s result is that the complexity of the RP 
is at least "exponential- space-hard" [39] 

In the preceding discussion, we have intentionally separated the size 
of the initial marking (x) from the size of the net (k • i). This is because 
of the following important observation: 

Every Petri Net we have ever constructed, no matter how 
contrived, has the property that the length of the shortest zero- 
reaching sequence (or of the shortest kiUing sequence) is bounded 
by a linear function of the size of the initial marking. 
The failure to find a counterexample has never proved anything, but it 
can provide a strong hint. There seems to be a pattern among the ways 
the various Petri Nets allow a killing sequence (a firing sequence which 
reaches some t-dead marking) of length proportional to the initial 
marking, and it is not unlike the pattern of firing sequences used to cover 
a marking of a given size, as in Chapter 3. A detailed analysis of the 
construction of coverability trees shows that, in a given Petri Net, there 
exists a constant K such that if a marking M (of size |m | ) is coverable, 
a covering marking can be reached by a firing sequence of length less 
than K . |m I. For a sequence of nets N. of size proportional to i. the 
corresponding constant K. may grow like 2^' (again using Lipton's 
constructions), and the best known upper bound appears to be Ackermann's 
function of i (cf. Hack [24]), 

Our conjecture with regard to the Reachability Problem is then: 
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Conjecture; 

The Reachability Problem is decidable. because for a Petri Net of 
size y with an initial marking of size x we can determine a constant 
Ky such that the zero marking is reachable iff it can be reached by a 

firing sequence of length less than K • x 

y ' 

^^•^ Some Suffici ent Conditions for the Undecidability of RP 

Given the versatility of possible Petri Net constructions and the 
surprising complexity of some of them, it is not unreasonable to suspect 
the undecidability of the Reachability Problem. Some colleagues believe 
the problem to be undecidable. and in the course of this research the 
author's opinion has oscillated a few times between decidability and 
undecidability. 

The undecidability results we have proved so far rely on a suitable 
encoding of a polynomial graph G(P). Suppose we could similarly encode 
the complement of a polynomial graph ; 

^iP) = I.-1 - G(P) = «x^ ... ,^^^> e ^-1 y^^^ p^^^ ^^^^^^^ 

The PGIP can then be reformulated as the emptiness problem for the 
intersection of a polynomial graph and the complement of a polynomial 
graph: 

G(P) c G(Q) « G(p) n ;S(Q) = 

Since Petri Net Languages are closed under intersection (Corollary 
8.3) and since their emptiness problem is reducible to RP, we can assert: 
A sufficient condition for the undecidability of RP is the 
possibility of encoding the complement of an arbitrary polynomial 
graph as an ^i^- language by the mapping used in Theorem 10. 1 for 
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I polynomial graphs. 
A direct corollary of the preceding condition is: 

A sufficient condition for the undecidability of RP is the 
closure under complementation of the Petri Net Language family 
Xq (or the inclusion in Xq of the complementation closure of £. 
£" or t^). 

It is also possible to use the closure properties of the family jf:^ 
(see Hack [24]) to show that the complement of an arbitrary polynomial 
graph can be encoded (as in Theorem 10. 1) inXj iff the language 
{a^b^ I y ^ x^} is an J^Q-language. 

A sufficient condition for the undecidability of RP is the 
existence of the language {a^b^ | y =: x^3 inX^ . 
Finally, a Petri Net which generates the language {a^b^ iy s x^J can 
be modified into a net where the length of the shortest zero-reaching 
sequence is proportional to the square of the size of the initial marking. 
Compare this with the conjecture of the previous section! 

^1-3 Decidability Questions for Restricted Classes of Petri Nets 

Although we defined both Generalized Petri Nets (GPN) and Restricted 
Petri Nets (RPN) in Chapter 2, all theorems in this thesis are true for 
GPN's as well as for RPN's. and the only proofs that need to be (slightly) 
modified are those of Lemma 4. 4 and Theorems 7. 3, 8. 1 and 10. 6. 

This is why we simply say "Petri Net" instead of "Ordinary Petri 
Net", GPN, or RPN. 

The more commonly used "Ordinary Petri Nets" (section 2. 2) have 
been subdivided into a number of classes in the literature, such as 
Simple Nets. Free-Choice Nets. Marked Graphs or State Machines . 
Definitions and further references can be found in Hack [18 ]. 
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State Machines, and, in a more general sense, all bounded Petri Nets. 
behave like classical Finite-State Autonnata, and all problems considered 
in this thesis are decidable for this class of Petri Nets. 

Marked Graphs are a subclass of the Persistent Petri Nets, and their 
mathematical properties have been extensively studied (Commoner [ 7 ]). 
Again, all problems are decidable, although languages generated by 
Marked Graphs have not been studied much (see, for example. Baker [3 ]). 

The Liveness Problem is decidable for Free- Choice Nets, because 
liveness in these nets depends only on simple structural properties, by a 
Theorem of Commoner (see Hack [18]). On the other hand, all 
constructions for Reachability and Equivalence can be carried out using 
Free-Choice Nets, and thus have the same status as for GPN's. 

Simple Nets include the Free-Choice Nets and have the same Reach- 
ability and Equivalence Problems as GPN's. Although there is a simple 
sufficient condition for liveness in Simple Nets, no useful necessary 
condition is known, and the Liveness Problem is unsettled. 

We have already mentioned (section 5.2) that the Liveness Problem is 
decidable for Persistent Nets, but Reachability and Equivalence are 
unsettled. 

Because of the remark following Theorem 5.2, the Reachability 
Problem and the Equivalence Problem for Live Nets are the same as for 
GPN's. 

Finally, let us mention the interesting class of Symmetric Nets. 
where for each transition t there is a "reverse" transition f such that 
F(p, t) = B(p, f) and B(p, t) = F(p. f). In Symmetric Nets every 
potentially firable transition is live, so liveness is decidable. Reach- 
ability is decidable because Symmetric Nets are closely related to 
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commutative semigroups (Cardoza [ 6 ]). 

Let us also mention in a few words some further generalizations (as 
opposed to restrictions) of Petri Nets. There has been some controversy 
about the modelling power of Petri Nets: Can they - or can they not - 
represent "all" synchronization problems (Patil [51 ]; Parnas [47]; 
Habermann ttS])? It is implicit in his paper [16 ] that Habermann could 
only be satisfied by a formalism which has the power of Turing Machines. 
A more reasonable approach is to check a number of classical synchron- 
ization problems. It then appears that all practical synchronization 
problems which Petri Nets fail to solve involve the notion of priority ; 
certain things can happen only if no things of higher priority can happen. 
These problems can be solved if we modify the firing rule of Petri Nets 
to include zero-testing transitions or arcs, which are enabled only if 
their input place contains no tokens. The inability of Petri Nets to test 
for zero (for several reasonable definitions of "zero-testing") follows 
from the containment property (Theorem 2. 1) of Petri Nets (Keller [34], 
Kosaraju [37]). The inclusion of zero-testing arcs has been proposed by 
Agerwala [2 ], among others. By comparing the resulting "Inhibitor 
Nets" with Minsky's Program Machines (cf. section 1.3), it appears that 
these nets have the full power of Turing Machines. We have shown 
(Hack [24]) that priority firing rules have exactly the same effect, and 
that "Inhibitor Nets" and "Priority Nets" can be simply transformed into 
each other. It is not difficult to see that for these "improved" Petri Nets 
most problems treated in this thesis, such as boundedness and reach- 
ability, are undecidable. 



11.4 Conclusion 



The subject of Decidability Questions for Petri Nets has by no means 
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been exhausted. There are a number of problems which seem to be 
more difficult than Reachability (i. e. reducibility is suspected in only one 
direction), for which we have not been able to prove their undecidability: 
Is the Reachability Set strongly connected, i. e. is every reachable 
marking also reachable from every other reachable marking? Does 
there exist a live initial marking? Does the Reachability Set contain 
some live marking? Is every marking which agrees with a given 
submarking reachable ("strong" submarking reachability; see the 
discussion following Definition 2. 18)? These problems belong, for the 
time being, in a fourth Petri Net "degree of unsolvability". between RP 
and undecidability. 

The author's original goal was to settle the decidability of Reachability, 
and to develop insights into the complexities and possibilities of Petri 
Nets as a mathematical model. The first goal proved to be too 
ambitious; we only found relative reducibilities, as well as a number of 
new undecidability results (the various equivalence problems). We leave 
it to the reader to assess the fulfillment of our second goal, and wish her 
or him a successful investigation of the remaining open problems. 
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APPENDIX 
SETS OF VECTORS OVER THE AUGMENTED INTEGERS O 

In this appendix we shall prove various results presented in section 
2. 6 concerning the properties of the complete lattice of vectors over the 
augmented integers Oand its non-complete sublattice of vectors over the 
non-negative integers IN. Completeness in this sense means that every 
subset of O^ has a least upper bound (lub) with respect to the partial 
order s for vectors. Let us first recall the relevant definitions (the 
numbering is as in Chapter 2): 

Definition 2.22 ; 

'^^^ augmented set of non- negative integers is the set 
= IN U {to}, where w is an element which behaves like an 
integer larger than any given integer and is characterized by: 
Vn€]N:a}?^n&u)^n&co+n = w&u3-n = u)& 

Definition 2. 25 ; 

A chain C £ fl'' jg a subset which is totally ordered under ^, i. e. 

C = {Vq, Vj, . . . V^. } and V^.^^ > V^ (for all j if C is infinite. 

or up to j = Id - 2 if C is finite). 

Definition 2.26 ; 

A subset A c O is chain- complete iff. for every chain C c A. 
its least upper bound is an element of A: lub (C) € A. 
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Definition 2.27 ; 

A subset A c n is monotone iff vV 6 A: V s V =» V € A. *^ 

Definition 2.28 ; 

For a set A c Q^, its set of maximal elements A is the set: 
A = {V 6 A I ^ V € A: V > V} 

Definition 2.29 ; 

For a set A e O^, its chain- completion A^ is the smallest 
chain- complete set containing A. 

The following Theorem forms the basis of many finiteness proofs; 

Theorem 2. 4: 

(a) Every infinite subset of O^ contains an infinite chain. 

(b) Every set of mutually incomparable vectors in Cl^ is finite. 

Proof ; 

(a) Every infinite sequence of integers or augmented integers 

contains an infinite nondecr easing (scattered) subsequence, 
because if there does not exist a strictly increasing subsequence, 
there must exist some number (or co) which is repeated infinitely 
often, and whose repetition also forms an infinite nondecreasing 
subsequence. 

If we now have an infinite subset of fl^, we may arrange it into 
an infinite non-repeating sequence (Cl'' is denumerable). From 
this sequence we can now extract an infinite subsequence non- 



*) Such sets are also known as -order ideals' . 



r 
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decreasing in the first coordinate, from which we extract an 
infinite subsequence also nondecreasing in the second coordinate, 
and so on for all r coordinates. In this manner, we end up with 
a non-repeating infinite subsequence which is nondecreasing in 
each coordinate, and thus forms a chain, 
(b) A direct consequence of (a) is that every infinite subset of IN 

or CI contains distinct comparable elements. A set of 
incomparable vectors must thus be finite. 

QED 
Corollary 2.1 ; 

A 

A set of maximal elements A, as defined in Definition 2.28, is 
always finite. 



Proof ; 

Maximal elements are incomparable. 

QED 



The proof of Theorem 2. 5 requires a few Lemmas. 



Lemma 2.1 ; 

If A c O is a chain- complete set, then: 

A 

V 6 A =» (aV € A: V « V) 



Proof ; 

Given V € A. let B = {V 6 O^ |V' ^ V] H A. Let C c b be a 
chain in B. Since B £ A, C is a chain in A and. by chain- complete- 
ness of A, we have lub (C) € A. On the other hand, we have V V" 6 C; 
lub (C) 2 V" ^ V. Hence, lub (C) SB and B is chain-complete. 
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We also have B E A. Indeed, suppose that V 6 B but V ^ A, 

i.e.. 3V" € A: V" > Vt. Since V" > V ^ V. it follows that V" € B. 
implying V ^ B. 

Now, Zorn's Lemma assures that every chain- complete set 
contains a maximal element, which implies B ?^ : Thus: 

QED 



V€A =» aV'€B£A:V'2tV 



Note ; 

This Lemma is actually a variant of Zorn's Lemma and is not 
restricted to A c o'". If A c O^ it can also be proved directly by at 
most r induction arguments constructing infinite chains in A which 
eventually lead to a maximal element. 

For the following Lemma we need two functions f, g: IN x O^ ■♦ O'". 
Given an integer b and a vector V, f(b, V) is the result of replacing in V 
those coordinates which are not less than b by w, and g{b, V) is the result 
of replacing these same coordinates by b: 



/f(b,V)(i) = ifV(i)2b then co else V(i) 
1 ^ i ^ r: I 

\ g(b, V)(i) = if V(i) ^ b then b else V(i) 



In other words, a vector V whose finite coordinates are less than b is 
characterized by f(b, V) = V, and if B c O^ is a set (necessarily finite) 
whose elements have no finite coordinates which reach or exceed b, we have: 



b is a bound on ) 

the finite coordinates ) « Vy € B: f(b V) = V 

of vectors in B ) ' ' 
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We interpret "bound" in the exclusive sense: The bound strictly 
exceeds that which is bounded. 

We shall show that in the case of the set of maximal elements A of a 
monotone set A, we can effectively find such a bound b by testing for 
membership in A. 

The following numbered, easily verified properties of the functions f 
and g will be used (<b>^ is the vector in IN^ all of whose coordinates are 
equal to b). 

(1) f(b.V) s V 

(2) g(b.V) ^ V 

(3) g(b,V) s <b>^ 

(4) f(g(b.V)) = f(b,V) 

(5) V ^ V =» f(b,V) s f(b.V') 
Now we shall prove: 

Lemma 2.2 ; 

r A 

If A c O is monotone and chain- complete, and A is the set of 

maximal elements of A, then b is a bound (in the strict, exclusive 

sense) on the finite coordinates of maximal elements iff: 

(*) VV < <b>^: V 6 A =» f(b.V) 6 A 

Proof ; 

if part: Suppose V € A and som6 finite coordinates reach or 
exceed b, i. e. f(b, V) / V. By (1). it follows that f(b, V) > V, and 
since V is maximal, this implies f(b, V) 4 A. 

By (4), we also have f(g(b, V)) ^ A, and by (3) we have g(b, V) s <b> 
But then the contrapositive of hypothesis (*) implies that g(b, V) 4 A. 



r 



-182- 

This, together with (2). contradicts the monotonicity we have 
assumed for A. (Note that chain-completeness is not required for 
this part. ) 

onjjTjf part: Since A is finite (Corollary 2. 1), there exists a 
bound b such that: 

V € A => f(b, V) = V 

From Lemma 2. 1 (which is where chain- completeness is needed) it 
follows that: 

V g A => :irV' 6 A: V ^ V 

By (5) this implies f(b. V) s f(b, V), and, since V 6 ^: V ^ f(b, V). 
Then f(b, V) € A follows from the monotonicity of A. 

QED 

Now we are ready to prove: 

Theorem 2. 5: 

If A c O is monotone and chain- complete, then its finite set of 
maximal elements A is uniformly reducible to A, and it , 
characterizes A as follows: 

A = {V 6 O^ I :3V' € A: V S: Vj 

Proof : 

Since A is monotone and chain- complete, we have XcA and: 
VV € Ci^: CeV € A: V s y) =» V € A 
Lemma 2. 1 shows that the converse also holds: 

VV € : V e A => ( 3V' € A: V s V). 
This proves the characterization of A by A, 

To establish the uniform reducibility of A to A. we must show how 
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to generate exhaustively all vectors in A. Since A is finite 
(Corollary 2.1), there exists a bound b on the finite coordinates of its 
elements. This bound can be found by testing larger and larger 
integers b for the property (*) of Lemma 2. 2, which involves a finite 
and bounded number of membership tests in A at each step. 

Once a bound b has been found, only a bounded number of vectors 
are candidates for membership in A. For each candidate V, the 
following procedure tests whether V 6 A: Let U. be the vector 
U.(3) = if i = j then 1 else 0. Then 

[V € A & (V i. 1 s i ai r: V + U. ?^ V =» V + U. ^ A)] « [V € ^] . 
This follows from the definition of A and the monotonicity of A. 

QED 

For the sake of completeness, it should be noted that the converse of 
Theorem 2.5 also holds, i.e. that: 

A = {V € O Uv € A: V ^ V} =» A monotone and chain -complete. 
This is thus a useful characterization of monotone and chain- complete 
sets of vectors over the augmented integers O. 

We shall now study the chain- completions of monotone sets. 

Lemma 2.3; 

Let C be a chain in a monotone set A c Q^, and let V = lub (C). 
Then we have: 

VV 6 IN^: V ^ V =» V 6 A 

Proof ; 

Whether C is infinite or not, it must contain a vector V" such that 
V i V" ^ V, because each coordinate in the chain must eventually 
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reach or exceed the corresponding coordinate of V, which is finite. 
But this vector V" covers V and, being in C, is an element of A. 
Since A is monotone, V is also in A. 

QED 
Theorem 2. 6 ; 

The chain- completion of a monotone set Ac Q^ is monotone and 
consists exactly of the least upper bounds of all chains in A. (if 
A £ IN , then A - A consists exactly of the least upper bounds 
of all infinite chains in A. ) 

Proof ; 

(a) composition of A*^; 

a'^ certainly contains all the lub's of chains in A. These lub's 
include the elements of A, which are the lub's of one-element chains. 
It remains to be shown that nothing else is in A^ i. e. that the set 
A' = A u {all lub's of chains in A} is already chain- complete. 
If A' is finite, there is no contest, so let us assume that 

C = [Vj, Vg, . . . } £ A' is an infinite chain in A'- V i- V > v 

•'■ j+1 ^j- 
Some of these V.'s may have u) -coordinates. 

Let us scan along the sequence V^, Vg, . . . and replace each V. 
by y.' as follows: 

J 

Vj>l; l^i^r: Vl(i) = if v.(i) = uj then Vl_j(i)+ 1 else V.(i) 
These vectors VI form a chain C c ]N^ and it is clear that C and 
C have the same lub: V = lub (C) = lub (C). Each vector V. € C is 
thus covered by V = lub (C). But then Lemma 2. 3 implies v\ € A', 
so that C is also a chain in A' fl m^. Now we observe that ^ 
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A- n IN = A n IN . because if the lub of a chain in A has no 
co-coordinates, it is the lub of a finite chain, and hence an element of 
A. Thus C is a chain in A, and its lub is in A': We have proved 
V € A', and thus the chain- completeness of A', 
(b) monotonicity of A*^: 

Let V 6 A^ and let V ^ V. From (a) it follows that there 
exists a chain C £ A whose lub is V. If we scan the vectors in C in 
increasing sequence, each coordinate must eventually reach or exceed 
any finite coordinate of V. Let V 6 C be a vector which covers V 
in every finite coordinate of V-. and let C" be the chain of all vectors 
following V in C. so that lub ( C" ) = lub ( C) = V. Each vector in C" 
covers V in the finite coordinates of V. Now let C be the chain 
obtained by replacing in each vector of C" those coordinates which 
exceed V by the corresponding coordinates of V. The monotonicity 
of A (recall that C" c c e A) implies that C c A. and clearly 
V = lub (C ). Hence V 6 A^ and A^ is monotone. 

QED 

Corollary 2.2 ; 

If A c IN is monotone, then A = A^ IN^, 

Proof ; 

This follows from Theorem 2. 6 and the fact that any lub which is 
not in A is the lub of an infinite chain, and thus contains u; -coordinates. 



QED 



Let us now recall the definition of agreement between two vectors 
V. V € n (Definition 2. 15). expressed in vector notation; 
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V agrees with V. written V « V. iff the coordinates which are 
finite in both V and V are equal in V and V: 

V«*V' « (vi. isii^r: V(i) + V'(i) 7^ uJ => V{i) = V'(i)) 

From this definition it follows that: 

V e IN^, V i IN^: VwV =» V < V 

V 6 IN^, V 6 IN^: V«V' =» V = V 

Then a characterization of chain- completion is given by: 

Theorem 2.7 ; 

The chain- completion A of a monotone set A c IN is such that 
A^ = {V en^lvV 6 IN^: V'«V =» V € A} 

Proof ; 

(a) Let V e A^. V € IN^ and V «* V. Then V ^ V. and since A^ 
is monotone (Theorem 2. 6). V € A*^. Hence V € A*^ H IN^. 
which implies V € A (Corollary 2.2). 

(b) Let V be such that V V 6 IN^; VriV =» V € A. Define a 

sequence of vectors V . V„ ... such that V.(i) = if V(i) = to then 

I ^ J — 

j else V(i), 1 i i s r. Clearly, {V^. . . . , V . . . } is an infinite 

•I 

chain whose lub^ is V, and such that Vj, V.wV, so that it is a 
chain in A. This implies V 6 A° by the definition of chain- 
completion. 

QED 

Finally, we have 
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Theorem 2. 8: 



— -n>Tr . 



If A ^ IN is monotone, then there exists a finite set 
(V^. ■ . . , V^} = A^^. uniformly reducible to A^, such that: 

A = ivejNnV^Y^ or V ^ V_ or ... or V^v] 






Proof: 



This is a direct consequence of Theorem 2. 5. Theorem 2. 6 and 
Corollary 2,2. 



QED 



For results and proofs about semilinear sets, the reader is referred 
to Ginsburg and Spanier [14]. 



5. 



6. 
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